Vulnerability CVE-2008-4864 - CERT Civis.Net

Vulnerability Name:

CVE-2008-4864 (CCN-46606)

Assigned:

2008-10-19

Published:

2008-10-19

Updated:

2022-07-05

Summary:

Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-4864

Source: APPLE
Type: Mailing List, Third Party Advisory
APPLE-SA-2009-02-12

Source: CCN
Type: Python Web site
Python Programming Language

Source: CCN
Type: RHSA-2009-1176
Moderate: python security update

Source: CCN
Type: RHSA-2009-1177
Moderate: python security update

Source: CCN
Type: RHSA-2009-1178
Moderate: python security update

Source: CCN
Type: CESA-2008-008 - rev 1
Python VM breakout bugs

Source: MISC
Type: Exploit, Third Party Advisory
http://scary.beasts.org/security/CESA-2008-008.html

Source: CCN
Type: SA33937
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Not Applicable
33937

Source: SECUNIA
Type: Not Applicable
37471

Source: CCN
Type: Apple Web site
About the security content of Security Update 2009-001

Source: CONFIRM
Type: Third Party Advisory
http://support.apple.com/kb/HT3438

Source: CCN
Type: ASA-2009-305
python security update (RHSA-2009-1176)

Source: CONFIRM
Type: Permissions Required
http://svn.python.org/view/python/trunk/Modules/imageop.c?rev=66689&view=diff&r1=66689&r2=66688&p1=python/trunk/Modules/imageop.c&p2=/python/trunk/Modules/imageop.c

Source: CCN
Type: Python SVN Repository
projects

Source: CONFIRM
Type: Permissions Required
http://svn.python.org/view?rev=66689&view=rev

Source: CCN
Type: oss-security Mailing List, Mon, 27 Oct 2008 17:22:44 +0100
CVE request -- Python imageop#3

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20081027 CVE request -- Python imageop#3

Source: CCN
Type: oss-security Mailing List, Wed, 29 Oct 2008 11:28:33 +0100
CVE Request - Python imageop

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20081029 CVE Request - Python imageop

Source: CCN
Type: OSVDB ID: 50097
Python imageop Module imageop.c crop Function Multiple Overflows

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

Source: BID
Type: Third Party Advisory, VDB Entry
31932

Source: CCN
Type: BID-31932
Python 'Imageop' Module Argument Validation Buffer Overflow Vulnerability

Source: BID
Type: Exploit, Third Party Advisory, VDB Entry
31976

Source: CCN
Type: BID-31976
RETIRED: Python Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability

Source: CCN
Type: USN-806-1
Python vulnerabilities

Source: CONFIRM
Type: Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Source: VUPEN
Type: Permissions Required
ADV-2009-3316

Source: XF
Type: Third Party Advisory, VDB Entry
python-image-module-bo(46606)

Source: XF
Type: UNKNOWN
python-image-module-bo(46606)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:10702

Source: OVAL
Type: Broken Link
oval:org.mitre.oval:def:8354

Source: SUSE
Type: SUSE-SR:2009:001
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:python:python:*:*:*:*:*:*:*:* (Version >= 2.5.0 and < 2.5.3)

OR cpe:/a:python:python:*:*:*:*:*:*:*:* (Version >= 1.5.2 and < 2.4.6)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:python:python:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.2:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.5.0:*:*:*:*:*:*:*

OR cpe:/a:python:python:1.6:*:*:*:*:*:*:*

OR cpe:/a:python:python:1.6.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.0:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.0:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.2:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.3:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.4:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.5:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.6:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.4.2:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.4.3:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.4.4:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.5.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20084864	V	CVE-2008-4864	2017-09-27
oval:org.mitre.oval:def:29294	P	RHSA-2009:1176 -- python security update (Moderate)	2015-08-17
oval:org.mitre.oval:def:13081	P	USN-806-1 -- python2.4, python2.5 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:22809	P	ELSA-2009:1176: python security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:8354	V	VMware python multiple integer overflows vulnerability in the imageop module	2014-01-20
oval:org.mitre.oval:def:10702	V	Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.	2013-04-29
oval:com.redhat.rhsa:def:20091176	P	RHSA-2009:1176: python security update (Moderate)	2009-07-27
oval:com.redhat.rhsa:def:20091177	P	RHSA-2009:1177: python security update (Moderate)	2009-07-27
oval:com.redhat.rhsa:def:20091178	P	RHSA-2009:1178: python security update (Moderate)	2009-07-27