OSVDB ID: 4172

Title: Python IPv6 DNS Address Response Handling Overflow

Dates

Disclosure: Mar 10, 2004
Discovery: Mar 09, 2004
Exploit: Unknown
Solution: Unknown

Description

A remote overflow exists in the getaddrinfo() function in Python. If IPv6 is not enabled, Python fails to handle an IPv6 address returned in a DNS response, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to be executed on the vulnerable server.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity, Impact Unknown
Exploit: Exploit Rumored
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Vendor: Python Software Foundation
Product: Python
Versions: 2.2, 2.2.1

References

Credit

  • Sebastian Krahmer - krahmersuse.de - SuSE


Direct URL: http://osvdb.org/4172