Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Python, several overflows

September 2008 by Vigil@nce

SYNTHESIS

Several overflows of Python can lead to a denial of service or to code execution.

Gravity: 2/4

Consequences: user access/rights, denial of service of service

Provenance: document

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 05/09/2008

Identifier: VIGILANCE-VUL-8091

IMPACTED PRODUCTS

- Mandriva Corporate [confidential versions]
- Mandriva Linux [confidential versions]
- Mandriva Multi Network Firewall [confidential versions]
- Novell Linux Desktop [confidential versions]
- Novell Open Enterprise Server [confidential versions]
- OpenSUSE [confidential versions]
- Slackware Linux [confidential versions]
- SuSE Linux [confidential versions]
- SUSE LINUX Enterprise Server [confidential versions]
- Unix - plateform

DESCRIPTION

An attacker can create a malicious Python program or use special data in order to generate several overflows.

The vulnerability VIGILANCE-VUL-7290 (https://vigilance.aql.fr/tree/1/7290) related to imageop was not fully corrected. [grav:1/4; CVE-2008-1679]

Several integer overflows can occur in stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule and mmapmodule modules. [grav:2/4; 230640, CVE-2008-2315]

An attacker can generate an integer overflow in the _hashopenssl.c file of the hashlib module. [grav:2/4; 230640, CVE-2008-2316]

An attacker can use a long Unicode string in order to create an overflow in the unicode_resize() function or in the PyMem_RESIZE macro. [grav:2/4; CVE-2008-3142]

An attacker can generate overflow in Include/pymem.h, Modules/_csv.c, Modules/_struct.c, Modules/arraymodule.c, Modules/audioop.c, Modules/binascii.c, Modules/cPickle.c, Modules/cStringIO.c, Modules/cjkcodecs/multibytecodec.c, Modules/datetimemodule.c, Modules/md5.c, Modules/rgbimgmodule.c, Modules/stropmodule.c, Objects/bufferobject.c, Objects/listobject.c, Objects/obmalloc.c, Parser/node.c, Python/asdl.c, Python/ast.c, Python/bltinmodule.c and Python/compile.c files. Python version 2.5.2 is corrected. [grav:2/4; CVE-2008-3143]

An attacker can generate several integer overflows in the PyOS_vsnprintf() function of Python/mysnprintf.c. [grav:2/4; CVE-2008-3144]

These overflows can, depending on the context, lead to denials of service or to code execution.

CHARACTERISTICS

Identifiers: 230640, BID-30491, CVE-2008-1679, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144, MDVSA-2008:163, MDVSA-2008:164, MDVSA-2008:186, SSA:2008-217-01, SUSE-SR:2008:017, VIGILANCE-VUL-8091

https://vigilance.aql.fr/tree/1/8091




See previous articles

    

See next articles