Short Name | HTTP:MISC:PYTHON-PYLOCALE
Severity | Medium
Recommended | No
Recommended Action | Drop
Category | HTTP
Keywords | Python 'PyLocale_strxfrm()' Off-by-one Arbitrary Memory Disclosure
Release Date | 2012/12/12
Update Number | 2210
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+
HTTP: Python 'PyLocale_strxfrm()' Off-by-one Arbitrary Memory Disclosure
This signature detects attempts to exploit a known vulnerability in Python versions 2.4 and 2.5. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Extended Description
Python applications that call the 'PyLocale_strxfrm' function are prone to an information leak. Exploiting this issue allows remote attackers to read portions of process memory. Python 2.4.4-2 and 2.5 are confirmed vulnerable.
Affected Products
- Avaya Intuity AUDIX LX 2.0
- Avaya Message Networking
- Avaya Messaging Storage Server
- Debian Linux 4.0
- Debian Linux 4.0 Alpha
- Debian Linux 4.0 Amd64
- Debian Linux 4.0 Arm
- Debian Linux 4.0 Hppa
- Debian Linux 4.0 Ia-32
- Debian Linux 4.0 Ia-64
- Debian Linux 4.0 M68k
- Debian Linux 4.0 Mips
- Debian Linux 4.0 Mipsel
- Debian Linux 4.0 Powerpc
- Debian Linux 4.0 S/390
- Debian Linux 4.0 Sparc
- Foresight Linux 1.1
- Mandriva Corporate Server 3.0.0
- Mandriva Corporate Server 3.0.0 X86 64
- Mandriva Corporate Server 4.0
- Mandriva Corporate Server 4.0.0 X86 64
- Mandriva Linux Mandrake 2007.0
- Mandriva Linux Mandrake 2007.0 X86 64
- Mandriva Linux Mandrake 2007.1
- Mandriva Linux Mandrake 2007.1 X86 64
- Mandriva Multi Network Firewall 2.0.0
- Python Software Foundation Python 2.4.3
- Python Software Foundation Python 2.4.4
- Python Software Foundation Python 2.5
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
- Red Hat Desktop 3.0.0
- Red Hat Desktop 4.0.0
- Red Hat Enterprise Linux 5 Server
- Red Hat Enterprise Linux AS 2.1
- Red Hat Enterprise Linux AS 2.1 IA64
- Red Hat Enterprise Linux AS 3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux AS 4.5.Z
- Red Hat Enterprise Linux AS 4.6.Z
- Red Hat Enterprise Linux Desktop 5 Client
- Red Hat Enterprise Linux Desktop Workstation 5 Client
- Red Hat Enterprise Linux ES 2.1
- Red Hat Enterprise Linux ES 2.1 IA64
- Red Hat Enterprise Linux ES 3
- Red Hat Enterprise Linux ES 4
- Red Hat Enterprise Linux ES 4.5.Z
- Red Hat Enterprise Linux ES 4.6.Z
- Red Hat Enterprise Linux WS 2.1
- Red Hat Enterprise Linux WS 2.1 IA64
- Red Hat Enterprise Linux WS 3
- Red Hat Enterprise Linux WS 4
- Red Hat Fedora Core5
- Red Hat Fedora Core6
- Red Hat Network Satellite (for RHEL 3) 4.2
- Red Hat Network Satellite (for RHEL 4) 4.2
- Red Hat Network Satellite (for RHEL 4) 5.1
- Red Hat Red Hat Network Satellite Server 4.2
- Red Hat Red Hat Network Satellite Server 5.0.0
- rPath rPath Linux 1
- Ubuntu Ubuntu Linux 6.06 LTS Amd64
- Ubuntu Ubuntu Linux 6.06 LTS I386
- Ubuntu Ubuntu Linux 6.06 LTS Powerpc
- Ubuntu Ubuntu Linux 6.06 LTS Sparc
- Ubuntu Ubuntu Linux 6.10 Amd64
- Ubuntu Ubuntu Linux 6.10 I386
- Ubuntu Ubuntu Linux 6.10 Powerpc
- Ubuntu Ubuntu Linux 6.10 Sparc
- Ubuntu Ubuntu Linux 7.04 Amd64
- Ubuntu Ubuntu Linux 7.04 I386
- Ubuntu Ubuntu Linux 7.04 Powerpc
- Ubuntu Ubuntu Linux 7.04 Sparc
- Ubuntu Ubuntu Linux 7.10 Amd64
- Ubuntu Ubuntu Linux 7.10 I386
- Ubuntu Ubuntu Linux 7.10 Powerpc
- Ubuntu Ubuntu Linux 7.10 Sparc
- VMWare ESX Server 2.5.4 Patch 15
- VMWare ESX Server 2.5.5
- VMWare ESX Server 2.5.5 Patch 4
- VMWare ESX Server 3.0.1
- VMWare ESX Server 3.0.2
- VMWare ESX Server 3.0.3
- VMWare ESX Server 3.5
- VMWare ESX Server 4.0
- VMWare vMA 4.0