Buffer overflow : Python Multiple Integer Overflow Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800056

Categoría: Buffer overflow

Título: Python Multiple Integer Overflow Vulnerabilities - Windows

Resumen: Python is prone to an integer overflow vulnerability.

Descripción: Summary:
Python is prone to an integer overflow vulnerability.

Vulnerability Insight:
The flaw exists due the way it handles large integer values
in the tabsize arguments as input to expandtabs methods (string_expandtabs and nicode_expandtabs)
in stringobject.c and unicodeobject.c.

Vulnerability Impact:
Remote exploitation will allow execution of arbitrary code
via large number of integer values to modules.

Affected Software/OS:
Python 2.5.2.

Solution:
Update to Python 2.5.5 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-5031
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://security.gentoo.org/glsa/glsa-200907-16.xml
http://scary.beasts.org/security/CESA-2008-008.html
http://www.openwall.com/lists/oss-security/2008/11/05/2
http://www.openwall.com/lists/oss-security/2008/11/05/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564
http://secunia.com/advisories/33937
http://secunia.com/advisories/35750
http://secunia.com/advisories/37471
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: python-expandtabs-integer-overflow(46612)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46612

Copyright Copyright (C) 2008 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800056
Categoría:	Buffer overflow
Título:	Python Multiple Integer Overflow Vulnerabilities - Windows
Resumen:	Python is prone to an integer overflow vulnerability.
Descripción:	Summary: Python is prone to an integer overflow vulnerability. Vulnerability Insight: The flaw exists due the way it handles large integer values in the tabsize arguments as input to expandtabs methods (string_expandtabs and nicode_expandtabs) in stringobject.c and unicodeobject.c. Vulnerability Impact: Remote exploitation will allow execution of arbitrary code via large number of integer values to modules. Affected Software/OS: Python 2.5.2. Solution: Update to Python 2.5.5 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5031 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded http://security.gentoo.org/glsa/glsa-200907-16.xml http://scary.beasts.org/security/CESA-2008-008.html http://www.openwall.com/lists/oss-security/2008/11/05/2 http://www.openwall.com/lists/oss-security/2008/11/05/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11280 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8564 http://secunia.com/advisories/33937 http://secunia.com/advisories/35750 http://secunia.com/advisories/37471 http://www.vupen.com/english/advisories/2009/3316 XForce ISS Database: python-expandtabs-integer-overflow(46612) https://exchange.xforce.ibmcloud.com/vulnerabilities/46612
Copyright	Copyright (C) 2008 Greenbone AG