English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61509
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-632-1 (python2.5)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to python2.5
announced via advisory USN-632-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

It was discovered that there were new integer overflows in the imageop
module. If an attacker were able to trick a Python application into
processing a specially crafted image, they could execute arbitrary code
with user privileges. (CVE-2008-1679)

Justin Ferguson discovered that the zlib module did not correctly
handle certain archives. If an attacker were able to trick a Python
application into processing a specially crafted archive file, they could
execute arbitrary code with user privileges. (CVE-2008-1721)

Justin Ferguson discovered that certain string manipulations in Python
could be made to overflow. If an attacker were able to pass a specially
crafted string through the PyString_FromStringAndSize function, they
could execute arbitrary code with user privileges. (CVE-2008-1887)

Multiple integer overflows were discovered in Python's core and modules
including hashlib, binascii, pickle, md5, stringobject, unicodeobject,
bufferobject, longobject, tupleobject, stropmodule, gcmodule, and
mmapmodule. If an attacker were able to exploit these flaws they could
execute arbitrary code with user privileges or cause Python applications
to crash, leading to a denial of service. (CVE-2008-2315, CVE-2008-2316,
CVE-2008-3142, CVE-2008-3143, CVE-2008-3144).

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
python2.4 2.4.3-0ubuntu6.2
python2.4-minimal 2.4.3-0ubuntu6.2

Ubuntu 7.04:
python2.4 2.4.4-2ubuntu7.2
python2.4-minimal 2.4.4-2ubuntu7.2
python2.5 2.5.1-0ubuntu1.2
python2.5-minimal 2.5.1-0ubuntu1.2

Ubuntu 7.10:
python2.4 2.4.4-6ubuntu4.2
python2.4-minimal 2.4.4-6ubuntu4.2
python2.5 2.5.1-5ubuntu5.2
python2.5-minimal 2.5.1-5ubuntu5.2

Ubuntu 8.04 LTS:
python2.4 2.4.5-1ubuntu4.1
python2.4-minimal 2.4.5-1ubuntu4.1
python2.5 2.5.2-2ubuntu4.1
python2.5-minimal 2.5.2-2ubuntu4.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-632-1

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-1679
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Debian Security Information: DSA-1551 (Google Search)
http://www.debian.org/security/2008/dsa-1551
Debian Security Information: DSA-1620 (Google Search)
http://www.debian.org/security/2008/dsa-1620
http://security.gentoo.org/glsa/glsa-200807-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
http://www.mandriva.com/security/advisories?name=MDVSA-2008:164
http://bugs.python.org/msg64682
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10583
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7800
http://secunia.com/advisories/29889
http://secunia.com/advisories/29955
http://secunia.com/advisories/30872
http://secunia.com/advisories/31255
http://secunia.com/advisories/31358
http://secunia.com/advisories/31365
http://secunia.com/advisories/31518
http://secunia.com/advisories/31687
http://secunia.com/advisories/33937
http://secunia.com/advisories/38675
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://www.ubuntu.com/usn/usn-632-1
XForce ISS Database: python-imageopc-bo(41958)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41958
Common Vulnerability Exposure (CVE) ID: CVE-2008-1721
BugTraq ID: 28715
http://www.securityfocus.com/bid/28715
Bugtraq: 20080409 IOActive Security Advisory: Buffer overflow in Python zlib extension module (Google Search)
http://www.securityfocus.com/archive/1/490690/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components (Google Search)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2008:085
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8249
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8494
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9407
http://www.securitytracker.com/id?1019823
http://secunia.com/advisories/37471
http://securityreason.com/securityalert/3802
http://www.vupen.com/english/advisories/2008/1229/references
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: zlib-pystringfromstringandsize-bo(41748)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41748
Common Vulnerability Exposure (CVE) ID: CVE-2008-1887
BugTraq ID: 28749
http://www.securityfocus.com/bid/28749
Bugtraq: 20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows (Google Search)
http://www.securityfocus.com/archive/1/490776
Bugtraq: 20090824 rPSA-2009-0122-1 idle python (Google Search)
http://www.securityfocus.com/archive/1/506056/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624
XForce ISS Database: python-pystringfromstringandsize-bo(41944)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41944
Common Vulnerability Exposure (CVE) ID: CVE-2008-2315
BugTraq ID: 30491
http://www.securityfocus.com/bid/30491
Debian Security Information: DSA-1667 (Google Search)
http://www.debian.org/security/2008/dsa-1667
http://security.gentoo.org/glsa/glsa-200807-16.xml
http://www.openwall.com/lists/oss-security/2008/11/05/2
http://www.openwall.com/lists/oss-security/2008/11/05/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761
http://secunia.com/advisories/31305
http://secunia.com/advisories/31332
http://secunia.com/advisories/32793
http://www.vupen.com/english/advisories/2008/2288
XForce ISS Database: python-modules-bo(44172)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44172
XForce ISS Database: python-multiple-bo(44173)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44173
Common Vulnerability Exposure (CVE) ID: CVE-2008-2316
Bugtraq: 20080813 rPSA-2008-0243-1 idle python (Google Search)
http://www.securityfocus.com/archive/1/495445/100/0/threaded
http://secunia.com/advisories/31473
XForce ISS Database: python-hashlib-overflow(44174)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44174
Common Vulnerability Exposure (CVE) ID: CVE-2008-3142
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11466
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8422
XForce ISS Database: python-unicode-bo(44170)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44170
Common Vulnerability Exposure (CVE) ID: CVE-2008-3143
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7720
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8996
Common Vulnerability Exposure (CVE) ID: CVE-2008-3144
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10170
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7725
XForce ISS Database: python-pyosvsnprintf-bo(44171)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44171
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.