Python DNS Response Overflow

2004-03-10T03:16:46
ID OSVDB:4172
Type osvdb
Reporter Sebastian Krahmer(krahmer@suse.de)
Modified 2004-03-10T03:16:46

Description

Vulnerability Description

A remote overflow exists in the getaddrinfo() function in Python. Python fails to handle an IPv6 DNS address, if IPv6 is not enabled, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to be executed on the vulnerable server.

Solution Description

Upgrade to version 2.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in the getaddrinfo() function in Python. Python fails to handle an IPv6 DNS address, if IPv6 is not enabled, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to be executed on the vulnerable server.

References:

Vendor Specific Solution URL: http://www.python.org/download/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:11080 Secunia Advisory ID:12452 ISS X-Force ID: 15409 CVE-2004-0150 Bugtraq ID: 9836