Vulnerability Bulletins |
Desbordamiento de búfer en python 2.2 y 2.2.1 |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software |
python 2.2 python 2.2.1 |
Description |
|
Se ha descubierto una vulnerabilidad de desbordamiento de búfer en las versiones 2.2 y 2.2.1 de python con el soporte IPv6 desactivado. El desbordamiento de buffer, que se produce en el stack, se encuentra en la función getaddrinfo(). La explotación de esta vulnerabilidad podría permitir a un atacante remoto la ejecución remota de código mediante una dirección IPv6 especialmente diseñada dada vía DNS. | |
Solution |
|
Aplique los mecanismos de actualización propios de su distribución, o bien obtenga las fuentes del software y compílelo usted mismo. Actualización de software Python Python 2.2.3 http://www.python.org/2.2.3/ Debian Linux Debian GNU 3.0 Source http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6.dsc http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6.diff.gz http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz Architecture independent http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.6_all.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.6_all.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.6_all.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.6_all.deb Alpha http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_alpha.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_alpha.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_alpha.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_alpha.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_alpha.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_alpha.deb ARM http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_arm.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_arm.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_arm.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_arm.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_arm.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_i386.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_i386.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_i386.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_i386.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_i386.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_ia64.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_ia64.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_ia64.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_ia64.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_ia64.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_ia64.deb HP Precision http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_hppa.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_hppa.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_hppa.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_hppa.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_hppa.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_m68k.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_m68k.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_m68k.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_m68k.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_m68k.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_mips.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mips.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_mips.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_mips.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_mips.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_mipsel.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mipsel.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_mipsel.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_mipsel.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_mipsel.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_powerpc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_powerpc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_powerpc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_powerpc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_powerpc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_s390.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_s390.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_s390.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_s390.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_s390.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_sparc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_sparc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_sparc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_sparc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_sparc.deb http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_sparc.deb Mandrake Linux Mandrake Linux 9.0 i386 ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/RPMS/libpython2.2-2.2.1-14.4.90mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/RPMS/libpython2.2-devel-2.2.1-14.4.90mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/RPMS/python-2.2.1-14.4.90mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/RPMS/python-base-2.2.1-14.4.90mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/RPMS/python-docs-2.2.1-14.4.90mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/RPMS/tkinter-2.2.1-14.4.90mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/9.0/SRPMS/python-2.2.1-14.4.90mdk.src.rpm Corporate Server 2.1 i386 ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/RPMS/libpython2.2-2.2.1-14.4.C21mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.4.C21mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/RPMS/python-2.2.1-14.4.C21mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/RPMS/python-base-2.2.1-14.4.C21mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/RPMS/python-docs-2.2.1-14.4.C21mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/RPMS/tkinter-2.2.1-14.4.C21mdk.i586.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/corporate/2.1/SRPMS/python-2.2.1-14.4.C21mdk.src.rpm x86_64 ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/RPMS/libpython2.2-2.2.1-14.4.C21mdk.x86_64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/RPMS/libpython2.2-devel-2.2.1-14.4.C21mdk.x86_64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/RPMS/python-2.2.1-14.4.C21mdk.x86_64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/RPMS/python-base-2.2.1-14.4.C21mdk.x86_64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/RPMS/python-docs-2.2.1-14.4.C21mdk.x86_64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/RPMS/tkinter-2.2.1-14.4.C21mdk.x86_64.rpm ftp://ftp.rediris.es/mirror/mandrake/updates/x86_64/corporate/2.1/SRPMS/python-2.2.1-14.4.C21mdk.src.rpm |
|
Standar resources |
|
Property | Value |
CVE | CAN-2004-0150 |
BID | |
Other resources |
|
Debian Security Advisory DSA 458-1 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00055.html Debian Security Advisory DSA 458-2 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00146.html Debian Security Advisory DSA 458-3 http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00166.html MandrakeSoft Security Advisory MDKSA-2004:019 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:019 |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2004-03-10 |
1.1 | Aviso emitido por Debian (DSA 458-2) | 2004-09-02 |
1.2 | Aviso actualizado por Debian (DSA 458-3) | 2004-10-13 |