Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200409-03] Python 2.2: Buffer overflow in getaddrinfo() Vulnerability Scan
Vulnerability Scan Summary: Python 2.2: Buffer overflow in getaddrinfo()
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200409-03
(Python 2.2: Buffer overflow in getaddrinfo())
If IPv6 is disabled in Python 2.2, getaddrinfo() is not able to handle IPv6
DNS requests properly and a buffer overflow occurs.
Impact
An attacker can execute arbitrary code as the user running Python.
Workaround
Users with IPv6 enabled are not affected by this vulnerability.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0150
http://www.osvdb.org/4172
Solution:
All Python 2.2 users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=dev-lang/python-2.2.2"
# emerge ">=dev-lang/python-2.2.2"
Threat Level: High