aru Posted March 10, 2004 Report Share Posted March 10, 2004 MandrakeSoft Security Advisory MDKSA-2004:019 : python March 9th, 2004 Updated python packages fix buffer overflow vulnerability A buffer overflow in python 2.2's getaddrinfo() function was discovered by Sebastian Schmidt. If python 2.2 is built without IPv6 support, an attacker could configure their name server to let a hostname resolve to a special IPv6 address, which could contain a memory address where shellcode is placed. This problem does not affect python versions prior to 2.2 or versions 2.2.2+, and it also doesn't exist if IPv6 support is enabled. The updated packages have been patched to correct the problem. Thanks to Sebastian for both the discovery and patch. The released versions of Mandrake GNU/Linux affected are: 9.0 Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:019 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0150 Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts