Vulnerability Name:

CVE-2008-1887 (CCN-41944)

Assigned:2008-04-08
Published:2008-04-08
Updated:2022-06-27
Summary:Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-120
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Fri Apr 11 2008 - 15:20:42 CDT
IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows

Source: CCN
Type: Python Bugs: Issue 2587
PyString_FromStringAndSize() to be considered unsafe

Source: CONFIRM
Type: Exploit, Issue Tracking, Vendor Advisory
http://bugs.python.org/issue2587

Source: MITRE
Type: CNA
CVE-2008-1887

Source: APPLE
Type: Mailing List, Third Party Advisory
APPLE-SA-2009-02-12

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SR:2008:017

Source: CCN
Type: RHSA-2009-1176
Moderate: python security update

Source: CCN
Type: RHSA-2009-1177
Moderate: python security update

Source: CCN
Type: RHSA-2009-1178
Moderate: python security update

Source: SECUNIA
Type: Not Applicable
29889

Source: SECUNIA
Type: Not Applicable
30872

Source: SECUNIA
Type: Not Applicable
31255

Source: SECUNIA
Type: Not Applicable
31365

Source: SECUNIA
Type: Not Applicable
31518

Source: SECUNIA
Type: Not Applicable
31687

Source: CCN
Type: SA33937
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Not Applicable
33937

Source: SECUNIA
Type: Not Applicable
37471

Source: GENTOO
Type: Third Party Advisory
GLSA-200807-01

Source: CCN
Type: Apple Web site
About the security content of Security Update 2009-001

Source: CONFIRM
Type: Third Party Advisory
http://support.apple.com/kb/HT3438

Source: CCN
Type: ASA-2009-305
python security update (RHSA-2009-1176)

Source: CONFIRM
Type: Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122

Source: DEBIAN
Type: Patch, Third Party Advisory
DSA-1551

Source: DEBIAN
Type: Patch, Third Party Advisory
DSA-1620

Source: DEBIAN
Type: DSA-1551
python2.4 -- several vulnerabilities

Source: DEBIAN
Type: DSA-1620
python2.5 -- several vulnerabilities

Source: CCN
Type: GLSA-200807-01
Python: Multiple integer overflows

Source: CONFIRM
Type: Third Party Advisory
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

Source: CCN
Type: OSVDB ID: 44730
Python PyString_FromStringAndSize Function Memory Allocation Overflow

Source: BUGTRAQ
Type: Exploit, Third Party Advisory, VDB Entry
20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20090824 rPSA-2009-0122-1 idle python

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

Source: BID
Type: Patch, Third Party Advisory, VDB Entry
28749

Source: CCN
Type: BID-28749
Python 'stringobject.c' Multiple Remote Buffer Overflow Vulnerabilities

Source: CCN
Type: USN-632-1
Python vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-632-1

Source: CONFIRM
Type: Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Source: VUPEN
Type: Permissions Required
ADV-2009-3316

Source: XF
Type: Third Party Advisory, VDB Entry
python-pystringfromstringandsize-bo(41944)

Source: XF
Type: UNKNOWN
python-pystringfromstringandsize-bo(41944)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:10407

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:8624

Source: SUSE
Type: SUSE-SR:2008:017
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:python:python:*:*:*:*:*:*:*:* (Version <= 2.5.2)

  • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:python:python:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:1.6:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:1.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20081887
    V
    CVE-2008-1887
    2022-09-02
    oval:org.mitre.oval:def:29294
    P
    RHSA-2009:1176 -- python security update (Moderate)
    2015-08-17
    oval:org.mitre.oval:def:17381
    P
    USN-632-1 -- python2.4, python2.5 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:20188
    P
    DSA-1620-1 python2.5 - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:7981
    P
    DSA-1620 python2.5 -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:8152
    P
    DSA-1551 python2.4 -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:18481
    P
    DSA-1551-1 python2.4 - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:22809
    P
    ELSA-2009:1176: python security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:8624
    V
    VMware python PyString_FromStringAndSize function vulnerability
    2014-01-20
    oval:org.mitre.oval:def:10407
    V
    Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.
    2013-04-29
    oval:com.redhat.rhsa:def:20091176
    P
    RHSA-2009:1176: python security update (Moderate)
    2009-07-27
    oval:com.redhat.rhsa:def:20091177
    P
    RHSA-2009:1177: python security update (Moderate)
    2009-07-27
    oval:com.redhat.rhsa:def:20091178
    P
    RHSA-2009:1178: python security update (Moderate)
    2009-07-27
    oval:org.debian:def:1620
    V
    several vulnerabilities
    2008-07-27
    oval:org.debian:def:1551
    V
    several vulnerabilities
    2008-04-19
    BACK
    python python *
    canonical ubuntu linux 7.04
    canonical ubuntu linux 7.10
    canonical ubuntu linux 8.04
    canonical ubuntu linux 6.06
    debian debian linux 4.0
    python python 1.5.2
    python python 2.2
    python python 2.2.1
    python python 2.4
    python python 2.5
    python python 1.6
    python python 1.6.1
    python python 2.0
    python python 2.0.1
    python python 2.1
    python python 2.1.1
    python python 2.1.2
    python python 2.1.3
    python python 2.2.2
    python python 2.2.3
    python python 2.3
    python python 2.3.1
    python python 2.3.2
    python python 2.3.3
    python python 2.3.4
    python python 2.3.5
    python python 2.3.6
    python python 2.4.1
    python python 2.4.2
    python python 2.4.3
    python python 2.4.4
    python python 2.5.1
    python python 2.5.2
    apple mac os x 10.5.6
    gentoo linux *
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake multi network firewall 2.0
    canonical ubuntu 6.06
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.04
    redhat enterprise linux 5
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    mandrakesoft mandrake linux 2007.1
    apple mac os x 10.4.11
    apple mac os x server 10.4.11
    mandrakesoft mandrake linux 2008.1
    canonical ubuntu 8.04
    apple mac os x server 10.5.6