Summary
The host is installed Python, which is prone to multiple vulnerabilities.
This NVT has been replaced by NVT gb_CESA-2009_1176_python_centos5_i386.nasl (OID:1.3.6.1.4.1.25623.1.0.880881), gb_CESA-2009_1178_python_centos3_i386.nasl (OID:1.3.6.1.4.1.25623.1.0.880715).
Impact
Successful exploitation could potentially causes attackers to execute arbitrary code or create a denial of service condition.
Impact Level : Application
Solution
Fix is available in the SVN repository,
http://svn.python.org
Insight
The flaws exists due to integer overflow in,
- hashlib module, which can lead to an unreliable cryptographic digest results.
- the processing of unicode strings.
- the PyOS_vsnprintf() function on architectures that do not have a vsnprintf() function.
- the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption.
Affected
Python 2.5.2 and prior on Linux (All).
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- BigAnt IM Server HTTP GET Request Buffer Overflow Vulnerability
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS X)
- Apache mod_proxy content-length buffer overflow
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
- Buffer Overflow Vulnerability in Adobe Reader (Linux)