Buffer overflow : Python Imageop Module imageop.crop() BOF Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800052

Categoría: Buffer overflow

Título: Python Imageop Module imageop.crop() BOF Vulnerability - Windows

Resumen: Python is prone to a buffer overflow vulnerability.

Descripción: Summary:
Python is prone to a buffer overflow vulnerability.

Vulnerability Insight:
The flaw exists due the way module imageop.crop() handles
the arguments as input in imageop.c file.

Vulnerability Impact:
Remote exploitation will allow execution of arbitrary
code via large number of integer values to crop module, which leads to a buffer overflow
(Segmentation fault).

Affected Software/OS:
Python 1.5.2 to 2.5.1.

Solution:
Update to Python 2.5.2 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-4864
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID: 31932
http://www.securityfocus.com/bid/31932
BugTraq ID: 31976
http://www.securityfocus.com/bid/31976
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://scary.beasts.org/security/CESA-2008-008.html
http://www.openwall.com/lists/oss-security/2008/10/27/2
http://www.openwall.com/lists/oss-security/2008/10/29/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10702
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8354
http://secunia.com/advisories/33937
http://secunia.com/advisories/37471
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: python-image-module-bo(46606)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46606

Copyright Copyright (C) 2008 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800052
Categoría:	Buffer overflow
Título:	Python Imageop Module imageop.crop() BOF Vulnerability - Windows
Resumen:	Python is prone to a buffer overflow vulnerability.
Descripción:	Summary: Python is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw exists due the way module imageop.crop() handles the arguments as input in imageop.c file. Vulnerability Impact: Remote exploitation will allow execution of arbitrary code via large number of integer values to crop module, which leads to a buffer overflow (Segmentation fault). Affected Software/OS: Python 1.5.2 to 2.5.1. Solution: Update to Python 2.5.2 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4864 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BugTraq ID: 31932 http://www.securityfocus.com/bid/31932 BugTraq ID: 31976 http://www.securityfocus.com/bid/31976 Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded http://scary.beasts.org/security/CESA-2008-008.html http://www.openwall.com/lists/oss-security/2008/10/27/2 http://www.openwall.com/lists/oss-security/2008/10/29/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10702 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8354 http://secunia.com/advisories/33937 http://secunia.com/advisories/37471 http://www.vupen.com/english/advisories/2009/3316 XForce ISS Database: python-image-module-bo(46606) https://exchange.xforce.ibmcloud.com/vulnerabilities/46606
Copyright	Copyright (C) 2008 Greenbone AG