Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Производитель ПО
Наименование ПО
python
(Unknown)
Описание
Целочисленное переполнение в Python позволяет злоумышленникам воздействовать на систему, используя большое целое значение в аргументе tabsize в методе expandtabs, как реализовано в функции string_expandtabs в Objects/stringobject.c и в функции unicode_expandtabs в Objects/unicodeobject.c.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://www.python.org/
http://www.python.org/
Ссылки
MLIST ([oss-security] 20081105 Re: CVE Request - Python string expandtabs): http://www.openwall.com/lists/oss-security/2008/11/05/3
MLIST ([oss-security] 20081105 CVE Request - Python string expandtabs): http://www.openwall.com/lists/oss-security/2008/11/05/2
CONFIRM (http://svn.python.org/view?rev=61350&view=rev): http://svn.python.org/view?rev=61350&view=rev
CONFIRM (http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c): http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c
CONFIRM (http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c): http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c
CONFIRM (http://support.apple.com/kb/HT3438): http://support.apple.com/kb/HT3438
GENTOO (GLSA-200907-16): http://security.gentoo.org/glsa/glsa-200907-16.xml
MISC (http://scary.beasts.org/security/CESA-2008-008.html): http://scary.beasts.org/security/CESA-2008-008.html
APPLE (APPLE-SA-2009-02-12): http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
MLIST ([oss-security] 20081105 CVE Request - Python string expandtabs): http://www.openwall.com/lists/oss-security/2008/11/05/2
CONFIRM (http://svn.python.org/view?rev=61350&view=rev): http://svn.python.org/view?rev=61350&view=rev
CONFIRM (http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c): http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c
CONFIRM (http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c): http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c
CONFIRM (http://support.apple.com/kb/HT3438): http://support.apple.com/kb/HT3438
GENTOO (GLSA-200907-16): http://security.gentoo.org/glsa/glsa-200907-16.xml
MISC (http://scary.beasts.org/security/CESA-2008-008.html): http://scary.beasts.org/security/CESA-2008-008.html
APPLE (APPLE-SA-2009-02-12): http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html