Debian DSA-1198-1 : python2.3 - buffer overflow

Severity: High, Nessus Plugin ID: 22907

VPR Score: 5.5

Synopsis

The remote Debian host is missing a security-related update.

Description

Benjamin C. Wiley Sittler discovered that the repr() function of the Python interpreter allocates insufficient memory when parsing UCS-4 Unicode strings, which might lead to execution of arbitrary code through a buffer overflow.

Solution

Upgrade the Python 2.3 packages.

For the stable distribution (sarge) this problem has been fixed in version 2.3.5-3sarge2. Due to build problems this update lacks fixed packages for the Alpha and Sparc architectures. Once they are sorted out, fixed binaries will be released.

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391589

http://www.debian.org/security/2006/dsa-1198

Plugin Details

Severity: High

ID: 22907

File Name: debian_DSA-1198.nasl

Version: 1.14

Type: local

Agent: unix

Published: 2006/10/25

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.5

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:python2.3, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 2006/10/23

Vulnerability Publication Date: 2006/08/16

Reference Information

CVE: CVE-2006-4980

DSA: 1198