FreeBSD : python -- multiple vulnerabilities (0dccaa28-7f3c-11dd-8de5-0030843d3802)
high Nessus Plugin ID 34164
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
Secunia reports :Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Various integer overflow errors exist in core modules e.g.
stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule.
An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results.
Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems.
An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a 'vsnprintf()' function.
An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption.
Solution
Update the affected packages.See Also
https://bugs.python.org/issue2620
https://bugs.python.org/issue2588
https://bugs.python.org/issue2589
http://www.nessus.org/u?1441e508
http://www.nessus.org/u?1afed817
Plugin Details
Severity: High
ID: 34164
File Name: freebsd_pkg_0dccaa287f3c11dd8de50030843d3802.nasl
Version: 1.16
Type: local
Family: FreeBSD Local Security Checks
Published: 9/11/2008
Updated: 1/6/2021
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:python23, p-cpe:/a:freebsd:freebsd:python24, p-cpe:/a:freebsd:freebsd:python25, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 9/10/2008
Vulnerability Publication Date: 8/4/2008
Reference Information
CVE: CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3144