BUGTRAQ ID: 30491
CVE ID:CVE-2008-2315
CVE-2008-2316
CVE-2008-3142
CVE-2008-3143
CVE-2008-3144
CNCVE ID:CNCVE-20082315
CNCVE-20082316
CNCVE-20083142
CNCVE-20083143
CNCVE-20083144
Python是一款开放源代码的脚本编程语言。
Python中存在多个整数溢出漏洞,远程攻击者可以利用漏洞对应用程序进行拒绝服务或者任意代码执行攻击。
static
int unicode_resize(register PyUnicodeObject *unicode,
Py_ssize_t length)
{
[…]
oldstr = unicode->str;
PyMem_RESIZE(unicode->str, Py_UNICODE, length + 1);
[…]
unicode->str[length] = 0;
unicode->length = length;
#define PyMem_RESIZE(p, type, n)
( assert((n) <= PY_SIZE_MAX / sizeof(type)) ,
( (p) = (type *) PyMem_REALLOC((p), (n) * sizeof(type)) ) )
int
PyOS_vsnprintf(char *str, size_t size, const char format, va_list va)
{
int len; / # bytes written, excluding \0 */
[…]
assert(str != NULL);
assert(size > 0);
assert(format != NULL);
[…]
/* Emulate it. */
buffer = PyMem_MALLOC(size + 512);
if (buffer == NULL) {
len = -666;
goto Done;
}
len = vsprintf(buffer, format, va);
if (len < 0)
/* ignore the error */;
else if ((size_t)len >= size + 512)
Py_FatalError("Buffer overflow in
PyOS_snprintf/PyOS_vsnprintf");
else {
const size_t to_copy = (size_t)len < size ?
(size_t)len : size - 1;
assert(to_copy < size);
memcpy(str, buffer, to_copy);
str[to_copy] = '\0';
}
PyMem_FREE(buffer);
Done:
[…]
str[size-1] = ‘\0’;
return len;
}
int
PyOS_vsnprintf(char *str, size_t size, const char format, va_list va)
{
int len; / # bytes written, excluding \0 */
#ifndef HAVE_SNPRINTF
char *buffer;
#endif
assert(str != NULL);
assert(size > 0);
assert(format != NULL);
[…]
len = vsnprintf(str, size, format, va);
[…]
str[size-1] = ‘\0’;
return len;
}
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 lpia
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 12.1
Slackware Linux 12.0
Slackware Linux 11.0
Slackware Linux -current
Python Software Foundation Python 2.5.2
Python Software Foundation Python 2.5.1
Python Software Foundation Python 2.4.4
Python Software Foundation Python 2.4.3
Gentoo可参考如下安全公告获得相应补丁:
<a href=“http://security.gentoo.org/glsa/glsa-200807-16.xml” target=“_blank”>http://security.gentoo.org/glsa/glsa-200807-16.xml</a>
Python 2.4用户应升级到最新版本:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r14"
Python 2.5用户应升级到最新版本:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.5.2-r6"
Python已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://svn.python.org/view?rev=65335&view=rev” target=“_blank”>http://svn.python.org/view?rev=65335&view=rev</a>