Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: [USN-73-1] Python vulnerability

[USN-73-1] Python vulnerability

From: Martin Pitt <martin.pitt_at_canonical.com>
Date: Thu, 3 Feb 2005 17:18:26 +0100

===========================================================
Ubuntu Security Notice USN-73-1 February 03, 2005
python2.2, python2.3 vulnerability
CAN-2005-0089
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

python2.2
python2.3

The problem can be corrected by upgrading the affected package to
version 2.2.3-10ubuntu0.1 (python2.2) and 2.3.4-2ubuntu0.1
(python2.3). After a standard system upgrade you must restart all
running Python server applications that use XML-RPC to effect the
necessary changes.

Details follow:

The Python developers discovered a flaw in the SimpleXMLRPCServer
module. Python XML-RPC servers that used the register_instance()
method to register an object, but do not have a _dispatch() method,
allowed remote users to access or change function internals using the
im_* and func_* attributes.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2_2.2.3-10ubuntu0.1.diff.gz
      Size/MD5: 1927781 2df9c99747532348619bbb8d8d5f3996
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2_2.2.3-10ubuntu0.1.dsc
      Size/MD5: 1184 3e1c5d029c99987852bad718712dcf76
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2_2.2.3.orig.tar.gz
      Size/MD5: 6711816 c23fbe6a0cdf800734f5813b9f7cb1d0
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.4-2ubuntu0.1.diff.gz
      Size/MD5: 2284380 04304bcdf030e24976fa4f846b754aa8
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.4-2ubuntu0.1.dsc
      Size/MD5: 1141 28c897b1a2c44ee9eb72cc30177f8697
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.4.orig.tar.gz
      Size/MD5: 8502596 d68a6a490c04b2c8f664ba4f2192e2fb

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/idle-python2.2_2.2.3-10ubuntu0.1_all.deb
      Size/MD5: 116018 b4ab3787a4c6b4025a9ae70393990b45
    http://security.ubuntu.com/ubuntu/pool/universe/p/python2.3/idle-python2.3_2.3.4-2ubuntu0.1_all.deb
      Size/MD5: 228350 07375ecb2762227776cd700429d8531c
    http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-doc_2.2.3-10ubuntu0.1_all.deb
      Size/MD5: 2268242 a572cf6409ca4a82721952ae7d36529d
    http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-examples_2.2.3-10ubuntu0.1_all.deb
      Size/MD5: 479006 cdf96d86449bdbd72ef25e5830a9a8fe
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-doc_2.3.4-2ubuntu0.1_all.deb
      Size/MD5: 2816894 91930107a10bb529d3cba16312457d76
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-examples_2.3.4-2ubuntu0.1_all.deb
      Size/MD5: 507732 2daf5ccaec4f6b967223b09b15f85197

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2-dev_2.2.3-10ubuntu0.1_amd64.deb
      Size/MD5: 1402344 a1d36ff39d0fb0cf2a05b22175f3083f
    http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-gdbm_2.2.3-10ubuntu0.1_amd64.deb
      Size/MD5: 20138 e771840c7881423e226d0fb37a2e1a1e
    http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-mpz_2.2.3-10ubuntu0.1_amd64.deb
      Size/MD5: 24932 a71d0c4e6301b330b62edc73865300ae
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2-tk_2.2.3-10ubuntu0.1_amd64.deb
      Size/MD5: 96092 606bcccac218c73b3f86658cb4ba4750
    http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-xmlbase_2.2.3-10ubuntu0.1_amd64.deb
      Size/MD5: 54902 a030a68171c6fc6591a9e8af1ed1c31b
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2_2.2.3-10ubuntu0.1_amd64.deb
      Size/MD5: 2240692 59cb63acc72ee9b6b93f786555f6343f
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-dev_2.3.4-2ubuntu0.1_amd64.deb
      Size/MD5: 1747592 a9c0dd251682fb7101ebfcad03d1d114
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-gdbm_2.3.4-2ubuntu0.1_amd64.deb
      Size/MD5: 22300 5cc5444cf4c6361e7f2bb7970a53dad2
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-mpz_2.3.4-2ubuntu0.1_amd64.deb
      Size/MD5: 27138 f362a0c22d0ebeb4f82910ce8fad2206
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-tk_2.3.4-2ubuntu0.1_amd64.deb
      Size/MD5: 104686 ce82ad1e4225e88a9d442e86e3df1cbd
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.4-2ubuntu0.1_amd64.deb
      Size/MD5: 2868960 2eb165d9c2654606c26cf2f8e195b638

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2-dev_2.2.3-10ubuntu0.1_i386.deb
      Size/MD5: 1272072 875cdbb06f99e8a47e3c101e15663c8a
    http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-gdbm_2.2.3-10ubuntu0.1_i386.deb
      Size/MD5: 19798 d77efa2115ebe5865ea364851469a829
    http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-mpz_2.2.3-10ubuntu0.1_i386.deb
      Size/MD5: 23686 45e1ed9fd53a647d917537c10c7a46d6
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2-tk_2.2.3-10ubuntu0.1_i386.deb
      Size/MD5: 93364 389380de54da2d08c7b04c1aa4c95677
    http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-xmlbase_2.2.3-10ubuntu0.1_i386.deb
      Size/MD5: 53162 90aaed4f73b488ada5cd06986d226614
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2_2.2.3-10ubuntu0.1_i386.deb
      Size/MD5: 2114526 47c6ae1fece9dc560b1e8936e79df43e
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-dev_2.3.4-2ubuntu0.1_i386.deb
      Size/MD5: 1601264 7abd99ff94b75c7afd6c1588215293de
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-gdbm_2.3.4-2ubuntu0.1_i386.deb
      Size/MD5: 21950 9b9dde52eabbc8814c1e3afa2704473f
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-mpz_2.3.4-2ubuntu0.1_i386.deb
      Size/MD5: 25828 e784462eff29ce1e01bfe752868abd27
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-tk_2.3.4-2ubuntu0.1_i386.deb
      Size/MD5: 102082 dcdfa6a516d8d304f61d545004ddd966
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.4-2ubuntu0.1_i386.deb
      Size/MD5: 2709818 3cb0d2298cd5f16cc788a605030cb443

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2-dev_2.2.3-10ubuntu0.1_powerpc.deb
      Size/MD5: 1503152 4256f400ee60f9742b126b0e1b3a7632
    http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-gdbm_2.2.3-10ubuntu0.1_powerpc.deb
      Size/MD5: 21666 6ee9aba13aeeaa94241a8c3374845cf1
    http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-mpz_2.2.3-10ubuntu0.1_powerpc.deb
      Size/MD5: 26042 6379c3913926b334540a7242375d0941
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2-tk_2.2.3-10ubuntu0.1_powerpc.deb
      Size/MD5: 96722 cb91d46072de61a5ada927174302ffe9
    http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-xmlbase_2.2.3-10ubuntu0.1_powerpc.deb
      Size/MD5: 55926 8cc515a6cf422176e742308f084d3f19
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2_2.2.3-10ubuntu0.1_powerpc.deb
      Size/MD5: 2358186 d741cf48639a380c1a2b0e403d5ed8d6
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-dev_2.3.4-2ubuntu0.1_powerpc.deb
      Size/MD5: 1863678 57357eb08927011b1cd7d380ff95bdf5
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-gdbm_2.3.4-2ubuntu0.1_powerpc.deb
      Size/MD5: 23732 b5c6ce94233cd2ec0766f2719f398cc8
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-mpz_2.3.4-2ubuntu0.1_powerpc.deb
      Size/MD5: 28194 d177c4e8a8f4a939978720e52a70f46b
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-tk_2.3.4-2ubuntu0.1_powerpc.deb
      Size/MD5: 105318 344134e35b32ee6943a77e4e11dd4d05
    http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.4-2ubuntu0.1_powerpc.deb
      Size/MD5: 3024388 852ffcf5cfd7fcf2f1f65121f58dced9

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Received on Feb 03 2005
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]