Mandrake Linux Security Advisory : python (MDKSA-2004:019)

high Nessus Plugin ID 14119

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A buffer overflow in python 2.2's getaddrinfo() function was discovered by Sebastian Schmidt. If python 2.2 is built without IPv6 support, an attacker could configure their name server to let a hostname resolve to a special IPv6 address, which could contain a memory address where shellcode is placed. This problem does not affect python versions prior to 2.2 or versions 2.2.2+, and it also doesn't exist if IPv6 support is enabled.

The updated packages have been patched to correct the problem. Thanks to Sebastian for both the discovery and patch.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 14119

File Name: mandrake_MDKSA-2004-019.nasl

Version: 1.20

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:python-docs, p-cpe:/a:mandriva:linux:python, p-cpe:/a:mandriva:linux:libpython2.2-devel, p-cpe:/a:mandriva:linux:libpython2.2, cpe:/o:mandrakesoft:mandrake_linux:9.0, p-cpe:/a:mandriva:linux:python-base, p-cpe:/a:mandriva:linux:tkinter

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 3/9/2004

Reference Information

CVE: CVE-2004-0150

MDKSA: 2004:019