Debian DSA-1551-1 : python2.4 - several vulnerabilities

Severity: High | Nessus Plugin ID 32006
Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2007-2052 Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure.

- CVE-2007-4965 It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch.

- CVE-2008-1721 Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code.

- CVE-2008-1887 Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code.

Solution

Upgrade the python2.4 packages.

For the stable distribution (etch), these problems have been fixed in version 2.4.4-3+etch1.
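As an added check for the Solution above (example code written for this page, not the Nessus plugin's own logic): the plugin reads the host's `dpkg -l` output (the Host/Debian/dpkg-l KB item) and compares the installed python2.4 packages against the fixed version 2.4.4-3+etch1. The script below does the same offline. It parses a constructed `dpkg -l` sample and compares versions with a Python port of dpkg's version-comparison algorithm (epoch, then upstream version, then Debian revision, with `~` sorting before everything and digit runs compared numerically). The sample package rows, the `find_affected` helper and the source-prefix matching are assumptions for illustration.

```python
import re

# Fixed version for stable/etch, taken from the advisory.
FIXED_VERSION = "2.4.4-3+etch1"

# Constructed sample of `dpkg -l` output; not captured from a real host.
SAMPLE_DPKG_L = """\
Desired=Unknown/Install/Remove/Purge/Hold
||/ Name           Version        Description
+++-==============-==============-=================================================
ii  python2.4      2.4.4-3        An interactive high-level object-oriented language
ii  python2.4-dev  2.4.4-3+etch1  Header files and a static library for Python
rc  python2.4-dbg  2.4.4-2        Debug build of Python
ii  zlib1g         1:1.2.3-13     compression library - runtime
"""


def _order(c: str) -> int:
    """Sort weight of one non-digit character, as in dpkg: '~' sorts before
    everything (even end of string), letters before other punctuation."""
    if c == "" or c.isdigit():
        return 0
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare one upstream-version or revision string the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character by character using _order().
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros; the longer run wins, otherwise the
        # first differing digit decides.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split_version(v: str):
    """Split a Debian version into (epoch, upstream_version, debian_revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    if "-" in v:
        upstream, revision = v.rsplit("-", 1)
    else:
        upstream, revision = v, ""
    return epoch, upstream, revision


def dpkg_compare_versions(v1: str, v2: str) -> int:
    """Return -1, 0 or 1 like `dpkg --compare-versions`: epoch, then upstream, then revision."""
    e1, u1, r1 = _split_version(v1)
    e2, u2, r2 = _split_version(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    rc = _verrevcmp(u1, u2) or _verrevcmp(r1, r2)
    return (rc > 0) - (rc < 0)


def parse_dpkg_l(text: str):
    """Yield (status, package, version) for every package row of `dpkg -l` output;
    header and separator lines do not start with a 2-3 letter status field."""
    row = re.compile(r"^([A-Za-z]{2,3})\s+(\S+)\s+(\S+)")
    for line in text.splitlines():
        m = row.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)


def find_affected(dpkg_output: str, source: str = "python2.4", fixed: str = FIXED_VERSION):
    """Installed binary packages named after `source` whose version is below `fixed`."""
    hits = []
    for status, name, version in parse_dpkg_l(dpkg_output):
        if status[:2] not in ("ii", "hi"):      # skip removed / config-files-only entries
            continue
        if name != source and not name.startswith(source + "-"):
            continue
        if dpkg_compare_versions(version, fixed) < 0:
            hits.append((name, version))
    return hits


if __name__ == "__main__":
    for name, version in find_affected(SAMPLE_DPKG_L):
        print(f"{name} {version} is older than {FIXED_VERSION}: upgrade required")
```

On a real host the same check is `dpkg -l 'python2.4*'` followed by `dpkg --compare-versions <installed> lt 2.4.4-3+etch1`; the Python port is only there so the comparison can be reasoned about and tested offline. Note that `rc` (removed, config files left) entries are deliberately ignored, since no vulnerable code remains installed for them.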

See Also

https://security-tracker.debian.org/tracker/CVE-2007-2052

https://security-tracker.debian.org/tracker/CVE-2007-4965

https://security-tracker.debian.org/tracker/CVE-2008-1679

https://security-tracker.debian.org/tracker/CVE-2008-1721

https://security-tracker.debian.org/tracker/CVE-2008-1887

https://www.debian.org/security/2008/dsa-1551

Plugin Details

Severity: High

ID: 32006

File Name: debian_DSA-1551.nasl

Version: 1.18

Type: local

Agent: unix

Published: 4/22/2008

Updated: 1/4/2021

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:python2.4, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 4/19/2008

Reference Information

CVE: CVE-2007-2052, CVE-2007-4965, CVE-2008-1679, CVE-2008-1721, CVE-2008-1887

DSA: 1551

CWE: 119, 189