Posted: Thu Sep 02, 2004 9:12 pm Post subject: [ GLSA 200409-03 ] Python 2.2: Buffer overflow in getaddrinf
Gentoo Linux Security Advisory
Title: Python 2.2: Buffer overflow in getaddrinfo() (GLSA 200409-03)
Date: September 02, 2004
Python 2.2 has a vulnerability in DNS handling when IPv6 is disabled and a malformed IPv6 address is encountered by getaddrinfo().
Python is an interpreted, interactive, object-oriented, cross-platform programming language.
Vulnerable: < 2.2.2
Unaffected: >= 2.2.2
Unaffected: < 2.2
Architectures: All supported architectures
If IPv6 is disabled in Python 2.2, getaddrinfo() is not able to handle IPv6 DNS requests properly and a buffer overflow occurs.
An attacker can execute arbitrary code as the user running Python.
Users with IPv6 enabled are not affected by this vulnerability.
All Python 2.2 users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=dev-lang/python-2.2.2"
# emerge ">=dev-lang/python-2.2.2"
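To audit hosts against the affected range above (2.2 up to, but not including, 2.2.2), the following shell function classifies a version string. It is an added example, not part of the advisory; the function name glsa_200409_03_status and its output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a Python version string against the ranges listed
# in GLSA 200409-03 (vulnerable: >= 2.2 and < 2.2.2).
# The function name and output labels are hypothetical, not Gentoo tooling.
#
# Note: the version alone cannot show whether the build has IPv6 enabled;
# per the advisory, builds with IPv6 enabled are not affected.
#
# Typical use (Python 2 prints its version on stderr):
#   glsa_200409_03_status "$(python -V 2>&1 | cut -d' ' -f2)"

glsa_200409_03_status() {
    # Strip a Gentoo revision suffix such as -r3.
    ver=${1%%-r[0-9]*}

    # Accept only dotted decimal versions; anything else is reported as unknown.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo "unknown"; return 2 ;;
    esac

    # Split into major.minor.patch; missing fields count as 0.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    # Only the 2.2 branch is affected (< 2.2 and >= 2.2.2 are unaffected).
    if [ "$major" -ne 2 ] || [ "$minor" -ne 2 ]; then
        echo "unaffected"; return 0
    fi

    # Within 2.2.x, releases before 2.2.2 fall in the vulnerable range.
    if [ "$patch" -lt 2 ]; then
        echo "vulnerable"; return 1
    fi
    echo "unaffected"; return 0
}
```

The exit status is 0 for unaffected, 1 for vulnerable and 2 for an unparseable version, so the function can gate a patch-compliance check.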