what you don't know can hurt you
Showing 1 - 8 of 8 RSS Feed

CVE-2007-4965

Status Candidate

Overview

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Related Files

Debian Linux Security Advisory 1620-1
Posted Jul 28, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1620-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.

tags | advisory, vulnerability, python
systems | linux, debian
advisories | CVE-2007-2052, CVE-2007-4965, CVE-2008-1679, CVE-2008-1721, CVE-2008-1887
MD5 | 2f4fbaf034191b48a5243837efbad92c
Gentoo Linux Security Advisory 200807-1
Posted Jul 1, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200807-01 - Multiple integer overflows may allow for Denial of Service. Versions less than 2.4.4-r13 are affected.

tags | advisory, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2007-4965, CVE-2008-1679, CVE-2008-1721, CVE-2008-1887
MD5 | 9754f003ee383327a4cf504dfc48d95e
Debian Linux Security Advisory 1551-1
Posted Apr 21, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1551-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.

tags | advisory, vulnerability, python
systems | linux, debian
advisories | CVE-2007-2052, CVE-2007-4965, CVE-2008-1679, CVE-2008-1721, CVE-2008-1887
MD5 | a4a07e88ffe379e85df8a36fe88b84c7
Ubuntu Security Notice 585-1
Posted Mar 13, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 585-1 - Piotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer. This could lead to small information leaks, which might be used by attackers to gain additional knowledge about the state of a running Python script. A flaw was discovered in the Python imageop module. If a script using the module could be tricked into processing a specially crafted set of arguments, a remote attacker could execute arbitrary code, or cause the application to crash.

tags | advisory, remote, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2007-2052, CVE-2007-4965
MD5 | 0c7215efe5f82a111877a450bcbf14d0
VMware Security Advisory 2008-0003
Posted Feb 22, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the service console to cause a denial of service or gain privileges. Alin Rad Pop of Secunia Research found a stack buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server. Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.

tags | advisory, remote, denial of service, overflow, arbitrary, local, perl, python
advisories | CVE-2007-6015, CVE-2006-7228, CVE-2007-2052, CVE-2007-4965, CVE-2007-4308
MD5 | 8d6ba6de591011e681d822a518441843
Mandriva Linux Security Advisory 2008-013
Posted Jan 14, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple integer overflows were found in python's imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter.

tags | advisory, overflow, arbitrary, python
systems | linux, mandriva
advisories | CVE-2007-4965
MD5 | b5e65cb8e1d0632cc910452e440a7501
Mandriva Linux Security Advisory 2008-012
Posted Jan 14, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An integer overflow flaw was discovered in how python's pcre module handled certain regular expressions. If a python application using the pcre module were to compile and execute untrusted regular expressions, it could possibly lead to an application crash or the execution of arbitrary code with the privileges of the python interpreter. Multiple integer overflows were found in python's imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter.

tags | advisory, overflow, arbitrary, python
systems | linux, mandriva
advisories | CVE-2006-7228, CVE-2007-4965
MD5 | cb9f373cc74b45624bba55e90191bd4a
Gentoo Linux Security Advisory 200711-7
Posted Nov 7, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-07 - Slythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo() method, in various locations in files imageop.c, rbgimgmodule.c, and also in other files. Versions less than 2.4.4-r6 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-4965
MD5 | 5e6a79a6694e21971b2fc94f992cac20
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    7 Files
  • 11
    Jul 11th
    4 Files
  • 12
    Jul 12th
    4 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close