Arbitrary Code Execution

2020-04-1000:35:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

python is vulnerable to arbitrary code execution. Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter’s privileges.

CPENameOperatorVersion
pythoneq2.3.4__14.4.el4_6.1
pythoneq2.4.3__21.el5
pythoneq2.4.3__19.el5
pythoneq2.3.4__14.4.el4_6.1
pythoneq2.4.3__21.el5
pythoneq2.4.3__19.el5

Name	Operator	Version
python	eq	2.3.4__14.4.el4_6.1
python	eq	2.4.3__21.el5
python	eq	2.4.3__19.el5
python	eq	2.3.4__14.4.el4_6.1
python	eq	2.4.3__21.el5
python	eq	2.4.3__19.el5

References

lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

scary.beasts.org/security/CESA-2008-008.html

secunia.com/advisories/33937

secunia.com/advisories/37471

support.apple.com/kb/HT3438

svn.python.org/view/python/trunk/Modules/imageop.c?rev=66689&view=diff&r1=66689&r2=66688&p1=python/trunk/Modules/imageop.c&p2=/python/trunk/Modules/imageop.c

svn.python.org/view?rev=66689&view=rev

www.openwall.com/lists/oss-security/2008/10/27/2

www.openwall.com/lists/oss-security/2008/10/29/3

www.redhat.com/security/updates/classification/#moderate

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/31932

www.securityfocus.com/bid/31976

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2009/3316

access.redhat.com/errata/RHSA-2009:1176

exchange.xforce.ibmcloud.com/vulnerabilities/46606

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10702