Python 'socket.recvfrom_into' Buffer Overflow Vulnerability Mar14 (Windows) Network Vulnerability

Summary

This host is installed with Python and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allow a remote attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. Impact Level: System/Application

Solution

Upgrade to Python version 2.7.7, 3.3.4 or later. For updates refer www.python.org/download/ Or Apply the appropriate patch from below link, http://bugs.python.org/issue20246 ***** NOTE: Ignore this warning if patch is already applied. *****

Insight

Flaw is due to a boundary error within the 'sock_recvfrom_into' function.

Affected

Python version 2.5 before 2.7.7 and 3.x before 3.3.4

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://bugs.python.org/issue20246
http://pastebin.com/raw.php?i=GHXSmNEg
http://secunia.com/advisories/56624
http://www.exploit-db.com/exploits/31875
http://www.osvdb.com/102929
http://www.securitytracker.com/id/1029831

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-1912
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Reader Multimeda Doc.media.newPlayer Code Execution Vulnerability (Linux)
CCProxy CONNECTION Request Buffer Overflow Vulnerability
CuteFTP Heap Based Buffer Overflow Vulnerability
Adobe Air Buffer Overflow Vulnerability (Windows)
Adobe Air Buffer Overflow Vulnerability (Mac OS X)

Take action and discover your vulnerabilities