The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and
2.4, when used by XML-RPC servers that use the register_instance method to
register an object without a _dispatch method, allows remote attackers to
read or modify globals of the associated module, and possibly execute
arbitrary code, via dotted attributes.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | python2.2 | < 2.2.3dfsg-4 | UNKNOWN |
ubuntu | 6.06 | noarch | python2.3 | < 2.3.5-9ubuntu1.2 | UNKNOWN |
ubuntu | 6.06 | noarch | python2.4 | < 2.4.3-0ubuntu6 | UNKNOWN |
ubuntu | 6.10 | noarch | python2.4 | < 2.4.4~c1-0ubuntu1 | UNKNOWN |
ubuntu | 7.04 | noarch | python2.4 | < 2.4.4~c1-0ubuntu1 | UNKNOWN |
ubuntu | 6.10 | noarch | python2.5 | < 2.5-2ubuntu2 | UNKNOWN |
ubuntu | 7.04 | noarch | python2.5 | < 2.5-2ubuntu2 | UNKNOWN |