Mandrake Linux Security Advisory : python (MDKSA-2004:019)

High Nessus Plugin ID 14119


The remote Mandrake Linux host is missing one or more security updates.


A buffer overflow in python 2.2's getaddrinfo() function was discovered by Sebastian Schmidt. If python 2.2 is built without IPv6 support, an attacker could configure their name server to let a hostname resolve to a special IPv6 address, which could contain a memory address where shellcode is placed. This problem does not affect python versions prior to 2.2 or versions 2.2.2+, and it also doesn't exist if IPv6 support is enabled.

The updated packages have been patched to correct the problem. Thanks to Sebastian for both the discovery and patch.


Update the affected packages.

Plugin Details

Severity: High

ID: 14119

File Name: mandrake_MDKSA-2004-019.nasl

Version: $Revision: 1.17 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:libpython2.2, p-cpe:/a:mandriva:linux:libpython2.2-devel, p-cpe:/a:mandriva:linux:python, p-cpe:/a:mandriva:linux:python-base, p-cpe:/a:mandriva:linux:python-docs, p-cpe:/a:mandriva:linux:tkinter, cpe:/o:mandrakesoft:mandrake_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2004/03/09

Reference Information

CVE: CVE-2004-0150

MDKSA: 2004:019