Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200509-09] Py2Play: Remote execution of arbitrary Python code Vulnerability Scan
Vulnerability Scan Summary
Py2Play: Remote execution of arbitrary Python code
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200509-09
(Py2Play: Remote execution of arbitrary Python code)
Arc Riley discovered that Py2Play uses Python pickles to send
objects over a peer-to-peer game network, and that clients accept
without restriction the objects and code sent by peers.
Impact
A remote attacker participating in a Py2Play-powered game can send
malicious Python pickles, resulting in the execution of arbitrary
Python code on the targeted game client.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2875
Solution:
The Py2Play package has been hard-masked prior to complete removal
from Portage, and current users are advised to unmerge the package:
# emerge --unmerge dev-python/py2play
Threat Level: High