CVE-2008-1721 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2008-1721?

CVE-2008-1721 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-1721?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Python	Python	>= 2.4.0, < 2.4.6
Debian	Debian Linux	4.0
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-681

References

http://bugs.python.org/issue2586Issue TrackingVendor Advisory
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/29889Not Applicable
http://secunia.com/advisories/29955Not Applicable
http://secunia.com/advisories/30872Not Applicable
http://secunia.com/advisories/31255Not Applicable
http://secunia.com/advisories/31358Not Applicable
http://secunia.com/advisories/31365Not Applicable
http://secunia.com/advisories/33937Not Applicable
http://secunia.com/advisories/37471Not Applicable
http://secunia.com/advisories/38675Not Applicable
http://security.gentoo.org/glsa/glsa-200807-01.xmlThird Party Advisory
http://securityreason.com/securityalert/3802ExploitThird Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackwareThird Party Advisory
http://support.apple.com/kb/HT3438Third Party Advisory

FAQ

What is CVE-2008-1721?

CVE-2008-1721 is a vulnerability with a CVSS score of 7.5 (HIGH). Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory al...

How severe is CVE-2008-1721?

CVE-2008-1721 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1721?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Debian Debian Linux, Canonical Ubuntu Linux.