This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200807-01
(Python: Multiple integer overflows)
Multiple vulnerabilities were discovered in Python:
Remahl reported multiple integer overflows in the file imageop.c,
leading to a heap-based buffer overflow (CVE-2008-1679). This issue is
due to an incomplete fix for CVE-2007-4965.
discovered that an integer signedness error in the zlib extension
module might trigger insufficient memory allocation and a buffer
overflow via a negative signed integer (CVE-2008-1721).
Ferguson discovered that insufficient input validation in the
PyString_FromStringAndSize() function might lead to a buffer overflow
A remote attacker could exploit these vulnerabilities to cause a Denial
of Service or possibly the remote execution of arbitrary code with the
privileges of the user running Python.
There is no known workaround at this time.
See also :
The imageop module is no longer built in the unaffected versions.
All Python 2.3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/python-2.3.6-r6'
All Python 2.4 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.4-r13'
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 33421 (gentoo_GLSA-200807-01.nasl)
Bugtraq ID: 2871528749
CVE ID: CVE-2008-1679CVE-2008-1721CVE-2008-1887
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.