National Cyber-Alert System

Vulnerability Summary for CVE-2006-4980

Overview

Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Vendor Statments (disclaimer)

Official Statement from Red Hat (03/14/2007)

Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: SECUNIA

Name: 22303

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/22303

External Source: SECUNIA

Name: 22276

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/22276

External Source: CONFIRM

Name: https://launchpad.net/distros/ubuntu/+source/python2.4/+bug/56633

Hyperlink:https://launchpad.net/distros/ubuntu/+source/python2.4/+bug/56633

External Source: CONFIRM

Name: http://zoehep.xent.com/~bsittler/python2.4-2.4.3_unicodeobject.c.diff

Hyperlink:http://zoehep.xent.com/~bsittler/python2.4-2.4.3_unicodeobject.c.diff

External Source: UBUNTU

Name: USN-359-1

Hyperlink:http://www.ubuntu.com/usn/usn-359-1

External Source: BID

Name: 20376

Hyperlink:http://www.securityfocus.com/bid/20376

External Source: REDHAT

Name: RHSA-2008:0629

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0629.html

External Source: CONFIRM

Name: http://sourceforge.net/tracker/index.php?func=detail&aid=1541585&group_id=5470&atid=305470

Hyperlink:http://sourceforge.net/tracker/index.php?func=detail&aid=1541585&group_id=5470&atid=305470

External Source: SECUNIA

Name: 31492

Hyperlink:http://secunia.com/advisories/31492

External Source: CONFIRM

Name: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208162

Hyperlink:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208162

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-702

Hyperlink:https://issues.rpath.com/browse/RPL-702

External Source: XF

Name: python-repr-bo(29408)

Hyperlink:http://xforce.iss.net/xforce/xfdb/29408

External Source: CONFIRM

Name: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

Hyperlink:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html

External Source: CONFIRM

Name: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

Hyperlink:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html

External Source: BUGTRAQ

Name: 20070110 VMware ESX server security updates

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded

External Source: BUGTRAQ

Name: 20061011 rPSA-2006-0187-1 idle python

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/448244/100/100/threaded

External Source: REDHAT

Name: RHSA-2006:0713

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0713.html

External Source: SUSE

Name: SUSE-SR:2006:025

Hyperlink:http://www.novell.com/linux/security/advisories/2006_25_sr.html

External Source: MANDRIVA

Name: MDKSA-2006:181

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:181

External Source: VUPEN

Name: ADV-2006-5131

Hyperlink:http://www.frsirt.com/english/advisories/2006/5131

External Source: VUPEN

Name: ADV-2006-3940

Hyperlink:http://www.frsirt.com/english/advisories/2006/3940

External Source: DEBIAN

Name: DSA-1198

Hyperlink:http://www.debian.org/security/2006/dsa-1198

External Source: DEBIAN

Name: DSA-1197

Hyperlink:http://www.debian.org/security/2006/dsa-1197

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2006-229.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2006-229.htm

External Source: SECTRACK

Name: 1017019

Hyperlink:http://securitytracker.com/id?1017019

External Source: GENTOO

Name: GLSA-200610-07

Hyperlink:http://security.gentoo.org/glsa/glsa-200610-07.xml

External Source: SECUNIA

Name: 23680

Hyperlink:http://secunia.com/advisories/23680

External Source: SECUNIA

Name: 22639

Hyperlink:http://secunia.com/advisories/22639

External Source: SECUNIA

Name: 22531

Hyperlink:http://secunia.com/advisories/22531

External Source: SECUNIA

Name: 22512

Hyperlink:http://secunia.com/advisories/22512

External Source: SECUNIA

Name: 22487

Hyperlink:http://secunia.com/advisories/22487

External Source: SECUNIA

Name: 22448

Hyperlink:http://secunia.com/advisories/22448

External Source: SECUNIA

Name: 22379

Hyperlink:http://secunia.com/advisories/22379

External Source: SECUNIA

Name: 22358

Hyperlink:http://secunia.com/advisories/22358

External Source: SECUNIA

Name: 22357

Hyperlink:http://secunia.com/advisories/22357

External Source: SECUNIA

Name: 22297

Hyperlink:http://secunia.com/advisories/22297

External Source: CONFIRM

Name: http://kb.vmware.com/KanisaPlatform/Publishing/882/5120103_f.SAL_Public.html

Hyperlink:http://kb.vmware.com/KanisaPlatform/Publishing/882/5120103_f.SAL_Public.html

External Source: MANDRIVA

Name: MDKSA-2006:181

Hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:181

External Source: CONFIRM

Name: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391589

Hyperlink:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=391589

External Source: SGI

Name: 20061001-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc