Vulnerability Name:

CVE-2008-5031 (CCN-46612)

Assigned:2008-10-19
Published:2008-10-19
Updated:2019-10-25
Summary:Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c.
Note: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.0 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
1.9 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N)
1.3 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-189
CWE-190
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2008-5031

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-02-12

Source: CCN
Type: Python Web site
Python Programming Language

Source: CCN
Type: RHSA-2009-1176
Moderate: python security update

Source: CCN
Type: RHSA-2009-1177
Moderate: python security update

Source: CCN
Type: RHSA-2009-1178
Moderate: python security update

Source: CCN
Type: CESA-2008-008 - rev 1
Python VM breakout bugs

Source: MISC
Type: UNKNOWN
http://scary.beasts.org/security/CESA-2008-008.html

Source: CCN
Type: SA33937
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
33937

Source: SECUNIA
Type: Vendor Advisory
35750

Source: SECUNIA
Type: Vendor Advisory
37471

Source: GENTOO
Type: UNKNOWN
GLSA-200907-16

Source: CCN
Type: Apple Web site
About the security content of Security Update 2009-001

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3438

Source: CCN
Type: ASA-2009-305
python security update (RHSA-2009-1176)

Source: CCN
Type: Python SVN Repository
projects: python/trunk/Objects/stringobject.c

Source: CONFIRM
Type: UNKNOWN
http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c

Source: CONFIRM
Type: UNKNOWN
http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c

Source: CONFIRM
Type: UNKNOWN
http://svn.python.org/view?rev=61350&view=rev

Source: CCN
Type: GLSA-200907-16
Python: Integer overflows

Source: CCN
Type: oss-security Mailing List, Wed, 05 Nov 2008 12:10:54 +0100
CVE Request - Python string expandtabs

Source: MLIST
Type: UNKNOWN
[oss-security] 20081105 CVE Request - Python string expandtabs

Source: CCN
Type: oss-security Mailing List, Wed, 5 Nov 2008 11:27:16 -0800
Re: CVE Request - Python string expandtabs

Source: MLIST
Type: UNKNOWN
[oss-security] 20081105 Re: CVE Request - Python string expandtabs

Source: CCN
Type: OSVDB ID: 47478
Python Multiple Modules Multiple Unspecified Overflows

Source: BUGTRAQ
Type: UNKNOWN
20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

Source: CCN
Type: BID-33187
Python 'expandtabs' Multiple Integer Overflow Vulnerabilities

Source: CCN
Type: USN-806-1
Python vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Source: VUPEN
Type: Vendor Advisory
ADV-2009-3316

Source: XF
Type: UNKNOWN
python-expandtabs-integer-overflow(46612)

Source: XF
Type: UNKNOWN
python-expandtabs-integer-overflow(46612)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11280

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:8564

Source: SUSE
Type: SUSE-SR:2009:001
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:python:python:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.1:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:python:python:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04:*:lts:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20085031
    V
    		CVE-2008-5031
    2017-09-27
    oval:org.mitre.oval:def:29294
    P
    		RHSA-2009:1176 -- python security update (Moderate)
    2015-08-17
    oval:org.mitre.oval:def:13081
    P
    		USN-806-1 -- python2.4, python2.5 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:22809
    P
    		ELSA-2009:1176: python security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:8564
    V
    		VMware python multiple integer overflows vulnerability
    2014-01-20
    oval:org.mitre.oval:def:11280
    V
    		Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
    2013-04-29
    oval:com.redhat.rhsa:def:20091176
    P
    		RHSA-2009:1176: python security update (Moderate)
    2009-07-27
    oval:com.redhat.rhsa:def:20091177
    P
    		RHSA-2009:1177: python security update (Moderate)
    2009-07-27
    oval:com.redhat.rhsa:def:20091178
    P
    		RHSA-2009:1178: python security update (Moderate)
    2009-07-27
    BACK
    python python 2.2.3
    python python 2.3.7
    python python 2.4.6
    python python 2.5.1
    python python 2.5.2
    apple mac os x 10.5.6
    gentoo linux *
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake multi network firewall 2.0
    canonical ubuntu 6.06
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    apple mac os x 10.4.11
    apple mac os x server 10.4.11
    mandrakesoft mandrake linux 2008.1
    canonical ubuntu 8.04
    mandriva linux 2009.0
    mandriva linux 2009.0 -
    apple mac os x server 10.5.6