Debian Security Advisory 1620-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.
6e3e15e9e8b3836df02d4373a1b2c87302d63c013578893c8e1e739ccfe98812
Debian Security Advisory 1551-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.
125dbdc0245dce606427e75fa210615b2106ce661d3fa39ee19cc66bf7d20012
Ubuntu Security Notice 585-1 - Piotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer. This could lead to small information leaks, which might be used by attackers to gain additional knowledge about the state of a running Python script. A flaw was discovered in the Python imageop module. If a script using the module could be tricked into processing a specially crafted set of arguments, a remote attacker could execute arbitrary code, or cause the application to crash.
cd03b8dbf697c6db46fb74e77386209cce8d3588922b6212135c0cea2d1a94f7
VMware Security Advisory - This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the service console to cause a denial of service or gain privileges. Alin Rad Pop of Secunia Research found a stack buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server. Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.
af87f71c42e6aa0e473a56dc13773e081ca262c64e1a2f396e37c8aeff184654
Mandriva Linux Security Advisory - An off-by-one error was discovered in the PyLocale_strxfrm function in Python 2.4 and 2.5 that could allow context-dependent attackers to read portions of memory via special manipulations that trigger a buffer over-read due to missing null termination.
dd41e54ae7130a49a2fbead064931c74e417371e6cec07091d882cda95862338