Article

Python vulnerability permits remote attacks

Edmund X. DeJesus, Contributing Writer

Thousands of applications, including many large and mission critical systems at enterprises like Industrial Light & Magic, Google and NASA, are vulnerable to a bug that could allow a remote attacker to execute arbitrary code or gain system access.

Applications and systems using Python -- including Debian GNU/Linux and Mandrake Linux -- may need to be updated or rebuilt.

    Requires Free Membership to View

For more information

Click here for Secunia's advisory on the vulnerability. To upgrade Python, see here.

See below for product specific information:

Debian

Mandrake Corporate Server 2.x or Mandrake Linux 9.x

Python is an interactive, object-oriented programming language commonly used for scripting. It runs on Unix, Windows, OS/2, Mac, Amiga and other platforms.

Python developer Sebastian Schmidt has discovered vulnerability in the getaddrinfo function, which resolves a host and port into the addrinfo struct.

A remote attacker could supply a specially crafted IPv6 address via DNS that could cause a buffer overflow, permitting execution of arbitrary code and unauthorized system access. This only occurs if Python is configured without IPv6 support.

Only a week ago, another Python vulnerability was discovered involving Debian and Apache that allowed a remote denial of service.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: