Juniper Networks

Signature Detail


Short Name

HTTP:MISC:PYTHON-PYLOCALE

Severity

Medium

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

Python 'PyLocale_strxfrm()' Off-by-one Arbitrary Memory Disclosure

Release Date

2012/12/12

Update Number

2210

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Python 'PyLocale_strxfrm()' Off-by-one Arbitrary Memory Disclosure


This signature detects attempts to exploit a known vulnerability in Python versions 2.4 and 2.5. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Extended Description

Python applications that use the 'PyLocale_strxfrm' function are prone to an information leak. Exploiting this issue allows remote attackers to read portions of memory. Python 2.4.4-2 and 2.5 are confirmed vulnerable.

Affected Products

  • Avaya Intuity AUDIX LX 2.0
  • Avaya Message Networking
  • Avaya Messaging Storage Server
  • Debian Linux 4.0
  • Debian Linux 4.0 Alpha
  • Debian Linux 4.0 Amd64
  • Debian Linux 4.0 Arm
  • Debian Linux 4.0 Hppa
  • Debian Linux 4.0 Ia-32
  • Debian Linux 4.0 Ia-64
  • Debian Linux 4.0 M68k
  • Debian Linux 4.0 Mips
  • Debian Linux 4.0 Mipsel
  • Debian Linux 4.0 Powerpc
  • Debian Linux 4.0 S/390
  • Debian Linux 4.0 Sparc
  • Foresight Linux 1.1
  • Mandriva Corporate Server 3.0.0
  • Mandriva Corporate Server 3.0.0 X86 64
  • Mandriva Corporate Server 4.0
  • Mandriva Corporate Server 4.0.0 X86 64
  • Mandriva Linux Mandrake 2007.0
  • Mandriva Linux Mandrake 2007.0 X86 64
  • Mandriva Linux Mandrake 2007.1
  • Mandriva Linux Mandrake 2007.1 X86 64
  • Mandriva Multi Network Firewall 2.0.0
  • Python Software Foundation Python 2.4.3
  • Python Software Foundation Python 2.4.4
  • Python Software Foundation Python 2.5
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0
  • Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux 5 Server
  • Red Hat Enterprise Linux AS 2.1
  • Red Hat Enterprise Linux AS 2.1 IA64
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux AS 4.5.Z
  • Red Hat Enterprise Linux AS 4.6.Z
  • Red Hat Enterprise Linux Desktop 5 Client
  • Red Hat Enterprise Linux Desktop Workstation 5 Client
  • Red Hat Enterprise Linux ES 2.1
  • Red Hat Enterprise Linux ES 2.1 IA64
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux ES 4.5.Z
  • Red Hat Enterprise Linux ES 4.6.Z
  • Red Hat Enterprise Linux WS 2.1
  • Red Hat Enterprise Linux WS 2.1 IA64
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora Core5
  • Red Hat Fedora Core6
  • Red Hat Network Satellite (for RHEL 3) 4.2
  • Red Hat Network Satellite (for RHEL 4) 4.2
  • Red Hat Network Satellite (for RHEL 4) 5.1
  • Red Hat Red Hat Network Satellite Server 4.2
  • Red Hat Red Hat Network Satellite Server 5.0.0
  • rPath rPath Linux 1
  • Ubuntu Ubuntu Linux 6.06 LTS Amd64
  • Ubuntu Ubuntu Linux 6.06 LTS I386
  • Ubuntu Ubuntu Linux 6.06 LTS Powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS Sparc
  • Ubuntu Ubuntu Linux 6.10 Amd64
  • Ubuntu Ubuntu Linux 6.10 I386
  • Ubuntu Ubuntu Linux 6.10 Powerpc
  • Ubuntu Ubuntu Linux 6.10 Sparc
  • Ubuntu Ubuntu Linux 7.04 Amd64
  • Ubuntu Ubuntu Linux 7.04 I386
  • Ubuntu Ubuntu Linux 7.04 Powerpc
  • Ubuntu Ubuntu Linux 7.04 Sparc
  • Ubuntu Ubuntu Linux 7.10 Amd64
  • Ubuntu Ubuntu Linux 7.10 I386
  • Ubuntu Ubuntu Linux 7.10 Powerpc
  • Ubuntu Ubuntu Linux 7.10 Sparc
  • VMWare ESX Server 2.5.4 Patch 15
  • VMWare ESX Server 2.5.5
  • VMWare ESX Server 2.5.5 Patch 4
  • VMWare ESX Server 3.0.1
  • VMWare ESX Server 3.0.2
  • VMWare ESX Server 3.0.3
  • VMWare ESX Server 3.5
  • VMWare ESX Server 4.0
  • VMWare vMA 4.0

References

  • BugTraq: 23887
  • CVE: CVE-2007-2052

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.