Vulnerability Name: CVE-2008-1887 (CCN-41944) Assigned: 2008-04-08 Published: 2008-04-08 Updated: 2022-06-27 Summary: Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P )5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-120 Vulnerability Consequences: Gain Access References: Source: CCN Type: BugTraq Mailing List, Fri Apr 11 2008 - 15:20:42 CDTIOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows Source: CCN Type: Python Bugs: Issue 2587PyString_FromStringAndSize() to be considered unsafe Source: CONFIRM Type: Exploit, Issue Tracking, Vendor Advisoryhttp://bugs.python.org/issue2587 Source: MITRE Type: CNACVE-2008-1887 Source: APPLE Type: Mailing List, Third Party AdvisoryAPPLE-SA-2009-02-12 Source: SUSE Type: Mailing List, Third Party AdvisorySUSE-SR:2008:017 Source: CCN Type: RHSA-2009-1176Moderate: python security update Source: CCN Type: RHSA-2009-1177Moderate: python security update Source: CCN Type: RHSA-2009-1178Moderate: python security update Source: SECUNIA Type: Not Applicable29889 Source: SECUNIA Type: Not Applicable30872 Source: SECUNIA Type: Not Applicable31255 Source: SECUNIA Type: Not Applicable31365 Source: SECUNIA Type: Not Applicable31518 Source: SECUNIA Type: Not Applicable31687 Source: CCN Type: SA33937Apple Mac OS X Security Update Fixes Multiple Vulnerabilities Source: SECUNIA Type: Not Applicable33937 Source: SECUNIA Type: Not Applicable37471 Source: GENTOO Type: Third Party AdvisoryGLSA-200807-01 Source: CCN Type: Apple Web siteAbout the security content of Security Update 2009-001 Source: CONFIRM Type: Third Party Advisoryhttp://support.apple.com/kb/HT3438 Source: CCN Type: ASA-2009-305python security update (RHSA-2009-1176) Source: CONFIRM Type: Broken Linkhttp://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122 Source: DEBIAN Type: Patch, Third Party AdvisoryDSA-1551 Source: DEBIAN Type: Patch, Third Party AdvisoryDSA-1620 Source: DEBIAN Type: DSA-1551python2.4 -- several vulnerabilities Source: DEBIAN Type: DSA-1620python2.5 -- several vulnerabilities Source: CCN Type: GLSA-200807-01Python: Multiple integer overflows Source: CONFIRM Type: Third Party Advisoryhttp://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900 Source: CCN Type: OSVDB ID: 44730Python PyString_FromStringAndSize Function Memory Allocation Overflow Source: BUGTRAQ Type: Exploit, Third Party Advisory, VDB Entry20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows Source: BUGTRAQ Type: Third Party Advisory, VDB Entry20090824 rPSA-2009-0122-1 idle python Source: BUGTRAQ Type: Third Party Advisory, VDB Entry20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components Source: BID Type: Patch, Third Party Advisory, VDB Entry28749 Source: CCN Type: BID-28749Python 'stringobject.c' Multiple Remote Buffer Overflow Vulnerabilities Source: CCN Type: USN-632-1Python vulnerabilities Source: UBUNTU Type: Third Party AdvisoryUSN-632-1 Source: CONFIRM Type: Third Party Advisoryhttp://www.vmware.com/security/advisories/VMSA-2009-0016.html Source: VUPEN Type: Permissions RequiredADV-2009-3316 Source: XF Type: Third Party Advisory, VDB Entrypython-pystringfromstringandsize-bo(41944) Source: XF Type: UNKNOWNpython-pystringfromstringandsize-bo(41944) Source: OVAL Type: Third Party Advisoryoval:org.mitre.oval:def:10407 Source: OVAL Type: Third Party Advisoryoval:org.mitre.oval:def:8624 Source: SUSE Type: SUSE-SR:2008:017SUSE Security Summary Report Vulnerable Configuration: Configuration 1 :cpe:/a:python:python:*:*:*:*:*:*:*:* (Version <= 2.5.2)Configuration 2 :cpe:/o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* OR cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* Configuration 3 :cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:* Configuration RedHat 6 :cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* Configuration RedHat 7 :cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* Configuration RedHat 8 :cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* Configuration RedHat 9 :cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* Configuration CCN 1 :cpe:/a:python:python:1.5.2:*:*:*:*:*:*:* OR cpe:/a:python:python:2.2:*:*:*:*:*:*:* OR cpe:/a:python:python:2.2.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.4.0:*:*:*:*:*:*:* OR cpe:/a:python:python:2.5.0:*:*:*:*:*:*:* OR cpe:/a:python:python:1.6:*:*:*:*:*:*:* OR cpe:/a:python:python:1.6.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.0:*:*:*:*:*:*:* OR cpe:/a:python:python:2.0.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.1.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.1.2:*:*:*:*:*:*:* OR cpe:/a:python:python:2.1.3:*:*:*:*:*:*:* OR cpe:/a:python:python:2.2.2:*:*:*:*:*:*:* OR cpe:/a:python:python:2.2.3:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.0:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.2:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.3:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.4:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.5:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.6:*:*:*:*:*:*:* OR cpe:/a:python:python:2.4.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.4.2:*:*:*:*:*:*:* OR cpe:/a:python:python:2.4.3:*:*:*:*:*:*:* OR cpe:/a:python:python:2.4.4:*:*:*:*:*:*:* OR cpe:/a:python:python:2.5.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.5.2:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:* AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:* OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:* OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions BACK
python python *
canonical ubuntu linux 7.04
canonical ubuntu linux 7.10
canonical ubuntu linux 8.04
canonical ubuntu linux 6.06
debian debian linux 4.0
python python 1.5.2
python python 2.2
python python 2.2.1
python python 2.4
python python 2.5
python python 1.6
python python 1.6.1
python python 2.0
python python 2.0.1
python python 2.1
python python 2.1.1
python python 2.1.2
python python 2.1.3
python python 2.2.2
python python 2.2.3
python python 2.3
python python 2.3.1
python python 2.3.2
python python 2.3.3
python python 2.3.4
python python 2.3.5
python python 2.3.6
python python 2.4.1
python python 2.4.2
python python 2.4.3
python python 2.4.4
python python 2.5.1
python python 2.5.2
apple mac os x 10.5.6
gentoo linux *
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
redhat enterprise linux 4
mandrakesoft mandrake multi network firewall 2.0
canonical ubuntu 6.06
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 5
redhat enterprise linux 5
mandrakesoft mandrake linux 2007.1
mandrakesoft mandrake linux 2008.0
debian debian linux 4.0
canonical ubuntu 7.04
redhat enterprise linux 5
canonical ubuntu 7.10
mandrakesoft mandrake linux 2008.0
mandrakesoft mandrake linux 2008.1 x86_64
mandrakesoft mandrake linux 2007.1
apple mac os x 10.4.11
apple mac os x server 10.4.11
mandrakesoft mandrake linux 2008.1
canonical ubuntu 8.04
apple mac os x server 10.5.6