CVE-2008-1887 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2008-1887?

CVE-2008-1887 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-1887?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Python	Python	<= 2.5.2
Canonical	Ubuntu Linux	6.06
Debian	Debian Linux	4.0

Related Weaknesses (CWE)

CWE-120

References

http://bugs.python.org/issue2587ExploitIssue TrackingVendor Advisory
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/29889Not Applicable
http://secunia.com/advisories/30872Not Applicable
http://secunia.com/advisories/31255Not Applicable
http://secunia.com/advisories/31365Not Applicable
http://secunia.com/advisories/31518Not Applicable
http://secunia.com/advisories/31687Not Applicable
http://secunia.com/advisories/33937Not Applicable
http://secunia.com/advisories/37471Not Applicable
http://security.gentoo.org/glsa/glsa-200807-01.xmlThird Party Advisory
http://support.apple.com/kb/HT3438Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122Broken Link
http://www.debian.org/security/2008/dsa-1551PatchThird Party Advisory

FAQ

What is CVE-2008-1887?

CVE-2008-1887 is a vulnerability with a CVSS score of 9.3 (HIGH). Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, w...

How severe is CVE-2008-1887?

CVE-2008-1887 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1887?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Canonical Ubuntu Linux, Debian Debian Linux.