exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2014-7185

Status Candidate

Overview

Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.

Related Files

Red Hat Security Advisory 2015-2101-01
Posted Nov 20, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2101-01 - Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory.

tags | advisory, java, web, perl, python
systems | linux, redhat
advisories | CVE-2013-1752, CVE-2013-1753, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185
SHA-256 | cc582ebc49e27cc4fafe81b106e309a23e455c02652176ce97cad6da6638b90a
Apple Security Advisory 2015-08-13-2
Posted Aug 13, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-08-13-2 - OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIController, and more.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2009-5044, CVE-2009-5078, CVE-2012-6685, CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2013-7040, CVE-2013-7338, CVE-2013-7422, CVE-2014-0067, CVE-2014-0106, CVE-2014-0191, CVE-2014-1912, CVE-2014-3581, CVE-2014-3583, CVE-2014-3613, CVE-2014-3620, CVE-2014-3660, CVE-2014-3707, CVE-2014-7185, CVE-2014-7844, CVE-2014-8109, CVE-2014-8150, CVE-2014-8151, CVE-2014-8161, CVE-2014-8767, CVE-2014-8769
SHA-256 | 1ccd5f307af57152abb6e4f0da773ca4420fb7a6e98f26301366a9071ecc9a33
Red Hat Security Advisory 2015-1330-01
Posted Jul 22, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1330-01 - Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer.

tags | advisory, java, overflow, perl, python
systems | linux, redhat
advisories | CVE-2013-1752, CVE-2014-1912, CVE-2014-4650, CVE-2014-7185
SHA-256 | 86acf923f3d4731743976325c7a7a70ef4af62a60ea0a6aae6fa1075259c53be
Ubuntu Security Notice USN-2653-1
Posted Jun 25, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2653-1 - It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. It was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, web, denial of service, imap, protocol, python
systems | linux, ubuntu
advisories | CVE-2013-1752, CVE-2013-1753, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185
SHA-256 | c92a23a6c2ffef9c5e260503201c22b883bc893d34393a43e5e16c00a1a6be64
Red Hat Security Advisory 2015-1064-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1064-01 - Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. The python27-python packages have been upgraded to upstream version 2.7.8, which provides numerous bug fixes over the previous version.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2013-1752, CVE-2013-1753, CVE-2014-1912, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185
SHA-256 | c0e3cc2e371398b78ff43e1a431500d56f2413e503a376c528eedca74106238f
Mandriva Linux Security Advisory 2015-075
Posted Mar 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-075 - A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code. This updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbound readline() calls in the ftplib and nntplib modules. Denial of service flaws due to unbound readline() calls in the imaplib, poplib, and smtplib modules. A gzip bomb and unbound read denial of service flaw in python XMLRPC library. Python are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access. The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root. Python before 2.7.8 is vulnerable to an integer overflow in the buffer type. When Python's standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host. It was possible to configure a trust root to be checked against, however there were no faculties for hostname checking. The python-pip and tix packages was added due to missing build dependencies.

tags | advisory, web, denial of service, overflow, arbitrary, cgi, root, python
systems | linux, mandriva
advisories | CVE-2013-1752, CVE-2013-1753, CVE-2014-1912, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185, CVE-2014-9365
SHA-256 | 3b0a1e39fae22b4d6476806ca1197785de85b0ad0d0836ae88ff10eef9f34bcf
Gentoo Linux Security Advisory 201503-10
Posted Mar 19, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201503-10 - Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. Versions less than 3.3.5-r1 are affected.

tags | advisory, arbitrary, vulnerability, code execution, python
systems | linux, gentoo
advisories | CVE-2013-1752, CVE-2013-7338, CVE-2014-1912, CVE-2014-2667, CVE-2014-4616, CVE-2014-7185, CVE-2014-9365
SHA-256 | a9f61c24dc4fd90eec4a4d961874d8c10caaa2a0e38947b49c08bc7818eb3b95
Mandriva Linux Security Advisory 2014-197
Posted Oct 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-197 - Python before 2.7.8 is vulnerable to an integer overflow in the buffer type.

tags | advisory, overflow, python
systems | linux, mandriva
advisories | CVE-2014-7185
SHA-256 | 2c5b78300ec62d5bed39649532139fdd19a0f28439c2e6cd1b55641216103867
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close