Vulnerability CVE-2008-1679

Vulnerability Name:

CVE-2008-1679 (CCN-41958)

Assigned:

2008-03-29

Published:

2008-03-29

Updated:

2023-08-02

Summary:

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Python Bugs: Issue 1179
Integer overflow in imageop module

Source: cve@mitre.org
Type: Issue Tracking, Vendor Advisory
cve@mitre.org

Source: CCN
Type: Python Bugs: Message 64682
Message64682

Source: cve@mitre.org
Type: Issue Tracking, Vendor Advisory
cve@mitre.org

Source: MITRE
Type: CNA
CVE-2008-1679

Source: cve@mitre.org
Type: Mailing List
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: Python Web site
Python Programming Language

Source: CCN
Type: RHSA-2009-1177
Moderate: python security update

Source: CCN
Type: RHSA-2009-1178
Moderate: python security update

Source: CCN
Type: SA33937
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: CCN
Type: SA38675
Avaya CMS Solaris Python Multiple Vulnerabilities

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: Apple Web site
About the security content of Security Update 2009-001

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: ASA-2010-050
Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code (Sun 273570)

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: Python SVN Repository
projects

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: DEBIAN
Type: DSA-1551
python2.4 -- several vulnerabilities

Source: DEBIAN
Type: DSA-1620
python2.5 -- several vulnerabilities

Source: CCN
Type: GLSA-200807-01
Python: Multiple integer overflows

Source: cve@mitre.org
Type: Broken Link, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: BID-31932
Python 'Imageop' Module Argument Validation Buffer Overflow Vulnerability

Source: CCN
Type: BID-31976
RETIRED: Python Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability

Source: CCN
Type: USN-632-1
Python vulnerabilities

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: VDB Entry
cve@mitre.org

Source: XF
Type: UNKNOWN
python-imageopc-bo(41958)

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: SUSE
Type: SUSE-SR:2008:017
SUSE Security Summary Report

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:python:python:2.4.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20081679	V	CVE-2008-1679	2017-09-27
oval:org.mitre.oval:def:17381	P	USN-632-1 -- python2.4, python2.5 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:7981	P	DSA-1620 python2.5 -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:18481	P	DSA-1551-1 python2.4 - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:8152	P	DSA-1551 python2.4 -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:20188	P	DSA-1620-1 python2.5 - several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:10583	V	Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.	2013-04-29
oval:org.mitre.oval:def:7800	V	Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code	2010-03-01
oval:com.redhat.rhsa:def:20091177	P	RHSA-2009:1177: python security update (Moderate)	2009-07-27
oval:com.redhat.rhsa:def:20091178	P	RHSA-2009:1178: python security update (Moderate)	2009-07-27
oval:org.debian:def:1620	V	several vulnerabilities	2008-07-27
oval:org.debian:def:1551	V	several vulnerabilities	2008-04-19

BACK