Buffer overflow : Python <= 2.5.2 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900105

Categoría: Buffer overflow

Título: Python <= 2.5.2 Multiple Vulnerabilities - Windows

Resumen: Python is prone to multiple vulnerabilities.

Descripción: Summary:
Python is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws exist due to multiple integer overflows in:

- hashlib module, which can lead to an unreliable cryptographic digest
results.

- the processing of unicode strings.

- the PyOS_vsnprintf() function on architectures that do not have a
vsnprintf() function.

- the PyOS_vsnprintf() function when passing zero-length strings can
lead to memory corruption.

Vulnerability Impact:
Successful exploitation would allow attackers to execute
arbitrary code or create a denial of service condition.

Affected Software/OS:
Python 2.5.2 and prior.

Solution:
A fix is available, please see the references for more
information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2315
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID: 30491
http://www.securityfocus.com/bid/30491
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Debian Security Information: DSA-1667 (Google Search)
http://www.debian.org/security/2008/dsa-1667
http://security.gentoo.org/glsa/glsa-200807-16.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
http://www.openwall.com/lists/oss-security/2008/11/05/2
http://www.openwall.com/lists/oss-security/2008/11/05/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761
http://secunia.com/advisories/31305
http://secunia.com/advisories/31332
http://secunia.com/advisories/31358
http://secunia.com/advisories/31365
http://secunia.com/advisories/31518
http://secunia.com/advisories/31687
http://secunia.com/advisories/32793
http://secunia.com/advisories/33937
http://secunia.com/advisories/37471
http://secunia.com/advisories/38675
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.ubuntu.com/usn/usn-632-1
http://www.vupen.com/english/advisories/2008/2288
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: python-modules-bo(44172)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44172
XForce ISS Database: python-multiple-bo(44173)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44173
Common Vulnerability Exposure (CVE) ID: CVE-2008-2316
Bugtraq: 20080813 rPSA-2008-0243-1 idle python (Google Search)
http://www.securityfocus.com/archive/1/495445/100/0/threaded
http://secunia.com/advisories/31473
XForce ISS Database: python-hashlib-overflow(44174)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44174
Common Vulnerability Exposure (CVE) ID: CVE-2008-3142
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11466
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8422
XForce ISS Database: python-unicode-bo(44170)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44170
Common Vulnerability Exposure (CVE) ID: CVE-2008-3143
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7720
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8996
Common Vulnerability Exposure (CVE) ID: CVE-2008-3144
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10170
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7725
XForce ISS Database: python-pyosvsnprintf-bo(44171)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44171

Copyright Copyright (C) 2008 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900105
Categoría:	Buffer overflow
Título:	Python <= 2.5.2 Multiple Vulnerabilities - Windows
Resumen:	Python is prone to multiple vulnerabilities.
Descripción:	Summary: Python is prone to multiple vulnerabilities. Vulnerability Insight: The flaws exist due to multiple integer overflows in: - hashlib module, which can lead to an unreliable cryptographic digest results. - the processing of unicode strings. - the PyOS_vsnprintf() function on architectures that do not have a vsnprintf() function. - the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption. Vulnerability Impact: Successful exploitation would allow attackers to execute arbitrary code or create a denial of service condition. Affected Software/OS: Python 2.5.2 and prior. Solution: A fix is available, please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2315 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BugTraq ID: 30491 http://www.securityfocus.com/bid/30491 Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search) http://www.securityfocus.com/archive/1/507985/100/0/threaded Debian Security Information: DSA-1667 (Google Search) http://www.debian.org/security/2008/dsa-1667 http://security.gentoo.org/glsa/glsa-200807-16.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:163 http://www.mandriva.com/security/advisories?name=MDVSA-2008:164 http://www.openwall.com/lists/oss-security/2008/11/05/2 http://www.openwall.com/lists/oss-security/2008/11/05/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761 http://secunia.com/advisories/31305 http://secunia.com/advisories/31332 http://secunia.com/advisories/31358 http://secunia.com/advisories/31365 http://secunia.com/advisories/31518 http://secunia.com/advisories/31687 http://secunia.com/advisories/32793 http://secunia.com/advisories/33937 http://secunia.com/advisories/37471 http://secunia.com/advisories/38675 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 SuSE Security Announcement: SUSE-SR:2008:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://www.ubuntu.com/usn/usn-632-1 http://www.vupen.com/english/advisories/2008/2288 http://www.vupen.com/english/advisories/2009/3316 XForce ISS Database: python-modules-bo(44172) https://exchange.xforce.ibmcloud.com/vulnerabilities/44172 XForce ISS Database: python-multiple-bo(44173) https://exchange.xforce.ibmcloud.com/vulnerabilities/44173 Common Vulnerability Exposure (CVE) ID: CVE-2008-2316 Bugtraq: 20080813 rPSA-2008-0243-1 idle python (Google Search) http://www.securityfocus.com/archive/1/495445/100/0/threaded http://secunia.com/advisories/31473 XForce ISS Database: python-hashlib-overflow(44174) https://exchange.xforce.ibmcloud.com/vulnerabilities/44174 Common Vulnerability Exposure (CVE) ID: CVE-2008-3142 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11466 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8422 XForce ISS Database: python-unicode-bo(44170) https://exchange.xforce.ibmcloud.com/vulnerabilities/44170 Common Vulnerability Exposure (CVE) ID: CVE-2008-3143 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7720 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8996 Common Vulnerability Exposure (CVE) ID: CVE-2008-3144 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10170 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7725 XForce ISS Database: python-pyosvsnprintf-bo(44171) https://exchange.xforce.ibmcloud.com/vulnerabilities/44171
Copyright	Copyright (C) 2008 Greenbone AG