Python vulnerability permits remote attacks

Thousands of applications, including large and mission critical systems, are vulnerable to a bug that could allow a remote attacker to execute arbitrary code or gain system access.

Thousands of applications, including many large and mission critical systems at enterprises like Industrial Light & Magic, Google and NASA, are vulnerable to a bug that could allow a remote attacker to execute arbitrary code or gain system access.

Applications and systems using Python -- including Debian GNU/Linux and Mandrake Linux -- may need to be updated or rebuilt.

For more information

Click here for Secunia's advisory on the vulnerability. To upgrade Python, see here.

See below for product specific information:

Debian

Mandrake Corporate Server 2.x or Mandrake Linux 9.x

Python is an interactive, object-oriented programming language commonly used for scripting. It runs on Unix, Windows, OS/2, Mac, Amiga and other platforms.

Python developer Sebastian Schmidt has discovered vulnerability in the getaddrinfo function, which resolves a host and port into the addrinfo struct.

A remote attacker could supply a specially crafted IPv6 address via DNS that could cause a buffer overflow, permitting execution of arbitrary code and unauthorized system access. This only occurs if Python is configured without IPv6 support.

Only a week ago, another Python vulnerability was discovered involving Debian and Apache that allowed a remote denial of service.

Dig deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close