CVE-2007-2052

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934

http://lists.vmware.com/pipermail/security-announce/2008/000005.html

http://secunia.com/advisories/25190

http://secunia.com/advisories/25217

http://secunia.com/advisories/25233

http://secunia.com/advisories/25353

http://secunia.com/advisories/25787

http://secunia.com/advisories/28027

http://secunia.com/advisories/28050

http://secunia.com/advisories/29032

http://secunia.com/advisories/29303

http://secunia.com/advisories/29889

http://secunia.com/advisories/31255

http://secunia.com/advisories/31492

http://secunia.com/advisories/37471

http://www.debian.org/security/2008/dsa-1551

http://www.debian.org/security/2008/dsa-1620

http://www.mandriva.com/security/advisories?name=MDKSA-2007:099

http://www.novell.com/linux/security/advisories/2007_13_sr.html

http://www.python.org/download/releases/2.5.1/NEWS.txt

http://www.redhat.com/support/errata/RHSA-2007-1076.html

http://www.redhat.com/support/errata/RHSA-2007-1077.html

http://www.redhat.com/support/errata/RHSA-2008-0629.html

http://www.securityfocus.com/archive/1/469294/30/6450/threaded

http://www.securityfocus.com/archive/1/488457/100/0/threaded

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/23887

http://www.trustix.org/errata/2007/0019/

http://www.ubuntu.com/usn/usn-585-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2007/1465

http://www.vupen.com/english/advisories/2008/0637

http://www.vupen.com/english/advisories/2009/3316

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093

https://exchange.xforce.ibmcloud.com/vulnerabilities/34060

https://issues.rpath.com/browse/RPL-1358

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353

Details

Source: MITRE

Published: 2007-04-16

Updated: 2018-10-16

Type: CWE-189

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
133259SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)NessusSuSE Local Security Checks
critical
89117VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)NessusMisc.
critical
67896Oracle Linux 5 : python (ELSA-2009-1176)NessusOracle Linux Local Security Checks
critical
67614Oracle Linux 3 / 4 : python (ELSA-2007-1076)NessusOracle Linux Local Security Checks
medium
60622Scientific Linux Security Update : python for SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60327Scientific Linux Security Update : python on SL4.x, SL3.x i386/x86_64NessusScientific Linux Local Security Checks
medium
43839RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629)NessusRed Hat Local Security Checks
critical
43838RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525)NessusRed Hat Local Security Checks
critical
43836RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264)NessusRed Hat Local Security Checks
critical
43771CentOS 5 : python (CESA-2009:1176)NessusCentOS Local Security Checks
critical
42870VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.NessusVMware ESX Local Security Checks
medium
40400RHEL 5 : python (RHSA-2009:1176)NessusRed Hat Local Security Checks
critical
40374VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updatesNessusVMware ESX Local Security Checks
high
33740Debian DSA-1620-1 : python2.5 - several vulnerabilitiesNessusDebian Local Security Checks
high
32006Debian DSA-1551-1 : python2.4 - several vulnerabilitiesNessusDebian Local Security Checks
high
31461Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : python2.4/2.5 vulnerabilities (USN-585-1)NessusUbuntu Local Security Checks
medium
29560SuSE 10 Security Update : python (ZYPP Patch Number 3750)NessusSuSE Local Security Checks
medium
29302RHEL 2.1 : python (RHSA-2007:1077)NessusRed Hat Local Security Checks
medium
29301RHEL 3 / 4 : python (RHSA-2007:1076)NessusRed Hat Local Security Checks
medium
29255CentOS 3 / 4 : python (CESA-2007:1076)NessusCentOS Local Security Checks
medium
27408openSUSE 10 Security Update : python (python-3749)NessusSuSE Local Security Checks
medium
27407openSUSE 10 Security Update : python (python-3478)NessusSuSE Local Security Checks
medium
25190Mandrake Linux Security Advisory : python (MDKSA-2007:099)NessusMandriva Local Security Checks
medium