CVE-2008-2315

high

Description

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.

References

http://bugs.gentoo.org/attachment.cgi?id=159418&action=view

http://bugs.gentoo.org/show_bug.cgi?id=230640

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/31305

http://secunia.com/advisories/31332

http://secunia.com/advisories/31358

http://secunia.com/advisories/31365

http://secunia.com/advisories/31518

http://secunia.com/advisories/31687

http://secunia.com/advisories/32793

http://secunia.com/advisories/33937

http://secunia.com/advisories/37471

http://secunia.com/advisories/38675

http://security.gentoo.org/glsa/glsa-200807-16.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289

http://support.apple.com/kb/HT3438

http://support.avaya.com/css/P8/documents/100074697

http://www.debian.org/security/2008/dsa-1667

http://www.mandriva.com/security/advisories?name=MDVSA-2008:163

http://www.mandriva.com/security/advisories?name=MDVSA-2008:164

http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

http://www.openwall.com/lists/oss-security/2008/11/05/2

http://www.openwall.com/lists/oss-security/2008/11/05/3

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/30491

http://www.ubuntu.com/usn/usn-632-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2008/2288

http://www.vupen.com/english/advisories/2009/3316

https://exchange.xforce.ibmcloud.com/vulnerabilities/44172

https://exchange.xforce.ibmcloud.com/vulnerabilities/44173

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761

Details

Source: MITRE

Published: 2008-08-01

Updated: 2018-10-11

Type: CWE-189

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:python_software_foundation:python:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:1.6:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.0:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.1:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.2:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.3:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.3.6:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.3.7:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.4:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.4.3:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.4.4:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.4.5:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.5:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:* versions up to 2.5.2 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 133259 | SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy) | Nessus | SuSE Local Security Checks | critical |
| 89117 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check) | Nessus | Misc. | critical |
| 67898 | Oracle Linux 3 : python (ELSA-2009-1178) | Nessus | Oracle Linux Local Security Checks | critical |
| 67897 | Oracle Linux 4 : python (ELSA-2009-1177) | Nessus | Oracle Linux Local Security Checks | critical |
| 67896 | Oracle Linux 5 : python (ELSA-2009-1176) | Nessus | Oracle Linux Local Security Checks | critical |
| 60625 | Scientific Linux Security Update : python for SL 4.x on i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 60624 | Scientific Linux Security Update : python for SL 3.0.x on i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 60622 | Scientific Linux Security Update : python for SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 43771 | CentOS 5 : python (CESA-2009:1176) | Nessus | CentOS Local Security Checks | critical |
| 42870 | VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. | Nessus | VMware ESX Local Security Checks | medium |
| 41229 | SuSE9 Security Update : Python (YOU Patch Number 12215) | Nessus | SuSE Local Security Checks | high |
| 40402 | RHEL 3 : python (RHSA-2009:1178) | Nessus | Red Hat Local Security Checks | critical |
| 40401 | RHEL 4 : python (RHSA-2009:1177) | Nessus | Red Hat Local Security Checks | critical |
| 40400 | RHEL 5 : python (RHSA-2009:1176) | Nessus | Red Hat Local Security Checks | critical |
| 40394 | CentOS 3 : python (CESA-2009:1178) | Nessus | CentOS Local Security Checks | critical |
| 40361 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : python2.4, python2.5 vulnerabilities (USN-806-1) | Nessus | Ubuntu Local Security Checks | critical |
| 40115 | openSUSE Security Update : python (python-128) | Nessus | SuSE Local Security Checks | high |
| 37212 | Mandriva Linux Security Advisory : python (MDVSA-2008:163) | Nessus | Mandriva Local Security Checks | critical |
| 35684 | Mac OS X Multiple Vulnerabilities (Security Update 2009-001) | Nessus | MacOS X Local Security Checks | critical |
| 34823 | Debian DSA-1667-1 : python2.4 - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 34164 | FreeBSD : python -- multiple vulnerabilities (0dccaa28-7f3c-11dd-8de5-0030843d3802) | Nessus | FreeBSD Local Security Checks | high |
| 33924 | openSUSE 10 Security Update : python (python-5491) | Nessus | SuSE Local Security Checks | high |
| 33923 | SuSE 10 Security Update : Python (ZYPP Patch Number 5490) | Nessus | SuSE Local Security Checks | high |
| 33824 | Slackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01) | Nessus | Slackware Local Security Checks | high |
| 33807 | Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : python2.4, python2.5 vulnerabilities (USN-632-1) | Nessus | Ubuntu Local Security Checks | critical |
| 33782 | GLSA-200807-16 : Python: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |