CVSS2 score: 9.3 (High)

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | MEDIUM
Authentication | NONE
Confidentiality Impact | COMPLETE
Integrity Impact | COMPLETE
Availability Impact | COMPLETE

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Python is vulnerable to arbitrary code execution. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges.
CPE

Name | Operator | Version
---|---|---
python | eq | 2.3.4__14.4.el4_6.1
python | eq | 2.4.3__21.el5
python | eq | 2.4.3__19.el5
References:

- bugs.python.org/issue2587
- lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- secunia.com/advisories/29889
- secunia.com/advisories/30872
- secunia.com/advisories/31255
- secunia.com/advisories/31365
- secunia.com/advisories/31518
- secunia.com/advisories/31687
- secunia.com/advisories/33937
- secunia.com/advisories/37471
- security.gentoo.org/glsa/glsa-200807-01.xml
- support.apple.com/kb/HT3438
- wiki.rpath.com/wiki/Advisories:rPSA-2009-0122
- www.debian.org/security/2008/dsa-1551
- www.debian.org/security/2008/dsa-1620
- www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
- www.redhat.com/security/updates/classification/#moderate
- www.securityfocus.com/archive/1/490776
- www.securityfocus.com/archive/1/506056/100/0/threaded
- www.securityfocus.com/archive/1/507985/100/0/threaded
- www.securityfocus.com/bid/28749
- www.ubuntu.com/usn/usn-632-1
- www.vmware.com/security/advisories/VMSA-2009-0016.html
- www.vupen.com/english/advisories/2009/3316
- access.redhat.com/errata/RHSA-2009:1176
- exchange.xforce.ibmcloud.com/vulnerabilities/41944
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10407
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8624