Vulnerability Bulletins

int(674)

Vulnerability Bulletins

Desbordamiento de búfer en python 2.2 y 2.2.1
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Obtener acceso
Dificulty	Experto
Required attacker level	Acceso remoto sin cuenta a un servicio exotico
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	python 2.2 python 2.2.1
Description
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en las versiones 2.2 y 2.2.1 de python con el soporte IPv6 desactivado. El desbordamiento de buffer, que se produce en el stack, se encuentra en la función getaddrinfo(). La explotación de esta vulnerabilidad podría permitir a un atacante remoto la ejecución remota de código mediante una dirección IPv6 especialmente diseñada dada vía DNS.
Solution
Aplique los mecanismos de actualización propios de su distribución, o bien obtenga las fuentes del software y compílelo usted mismo. Actualización de software Python Python 2.2.3 http://www.python.org/2.2.3/ Debian Linux Debian GNU 3.0 Source http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6.dsc http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6.diff.gz http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz Architecture independent http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.6_all.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.6_all.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.6_all.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.6_all.deb Alpha http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_alpha.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_alpha.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_alpha.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_alpha.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_alpha.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_alpha.deb ARM http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_arm.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_arm.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_arm.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_arm.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_arm.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_i386.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_i386.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_i386.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_i386.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_i386.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_ia64.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_ia64.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_ia64.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_ia64.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_ia64.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_ia64.deb HP Precision http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_hppa.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_hppa.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_hppa.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_hppa.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_hppa.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_m68k.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_m68k.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_m68k.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_m68k.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_m68k.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_mips.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mips.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_mips.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_mips.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_mips.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_mipsel.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mipsel.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_mipsel.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_mipsel.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_mipsel.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_powerpc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_powerpc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_powerpc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_powerpc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_powerpc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_s390.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_s390.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_s390.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_s390.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_s390.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_sparc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_sparc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_sparc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_sparc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_sparc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_sparc.deb Mandrake Linux Mandrake Linux 9.0 i386 ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/RPMS/libpython2.2-2.2.1-14.4.90mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/RPMS/libpython2.2-devel-2.2.1-14.4.90mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/RPMS/python-2.2.1-14.4.90mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/RPMS/python-base-2.2.1-14.4.90mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/RPMS/python-docs-2.2.1-14.4.90mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/RPMS/tkinter-2.2.1-14.4.90mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/SRPMS/python-2.2.1-14.4.90mdk.src.rpm Corporate Server 2.1 i386 ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/RPMS/libpython2.2-2.2.1-14.4.C21mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.4.C21mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/RPMS/python-2.2.1-14.4.C21mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/RPMS/python-base-2.2.1-14.4.C21mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/RPMS/python-docs-2.2.1-14.4.C21mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/RPMS/tkinter-2.2.1-14.4.C21mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/SRPMS/python-2.2.1-14.4.C21mdk.src.rpm x86_64 ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/RPMS/libpython2.2-2.2.1-14.4.C21mdk.x86_64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.4.C21mdk.x86_64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/RPMS/python-2.2.1-14.4.C21mdk.x86_64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/RPMS/python-base-2.2.1-14.4.C21mdk.x86_64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/RPMS/python-docs-2.2.1-14.4.C21mdk.x86_64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/RPMS/tkinter-2.2.1-14.4.C21mdk.x86_64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/SRPMS/python-2.2.1-14.4.C21mdk.src.rpm
Standar resources
Property	Value
CVE	CAN-2004-0150
BID
Other resources
Debian Security Advisory DSA 458-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00055.html Debian Security Advisory DSA 458-2 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00146.html Debian Security Advisory DSA 458-3 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00166.html MandrakeSoft Security Advisory MDKSA-2004:019 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:019

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-03-10
1.1	Aviso emitido por Debian (DSA 458-2)	2004-09-02
1.2	Aviso actualizado por Debian (DSA 458-3)	2004-10-13

Vulnerability Bulletins

Desbordamiento de búfer en python 2.2 y 2.2.1

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history