Python vulnerability permits remote attacks
By Edmund X. DeJesus, Contributing Writer
11 Mar 2004 | SearchSecurity.com

Thousands of applications, including many large and mission-critical systems at enterprises like Industrial Light & Magic, Google and NASA, are vulnerable to a bug that could allow a remote attacker to execute arbitrary code or gain system access.
Applications and systems using Python -- including Debian GNU/Linux and Mandrake Linux -- may need to be updated or rebuilt.
Python is an interactive, object-oriented programming language commonly used for scripting. It runs on Unix, Windows, OS/2, Mac, Amiga and other platforms.
Python developer Sebastian Schmidt has discovered a vulnerability in the getaddrinfo function, which resolves a host and port into the addrinfo struct.
A remote attacker could supply a specially crafted IPv6 address via DNS that could cause a buffer overflow, permitting execution of arbitrary code and unauthorized system access. This only occurs if Python is configured without IPv6 support.
Only a week ago, another Python vulnerability was discovered involving Debian and Apache that allowed a remote denial of service.