CVE-2007-2052 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-2052
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2052

Description: Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-585-1 TRUSTIX http://www.trustix.org/errata/2007/0019/ SUSE http://www.novell.com/linux/security/advisories/2007_13_sr.html SAID Secunia Advisory: SA28027 Secunia Advisory: SA25190 Secunia Advisory: SA25217 Secunia Advisory: SA25233 Secunia Advisory: SA25353 Secunia Advisory: SA25787 Secunia Advisory: SA28050 Secunia Advisory: SA29032 Secunia Advisory: SA29303 Secunia Advisory: SA29889 Secunia Advisory: SA31255 Secunia Advisory: SA31492 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0629.html http://www.redhat.com/support/errata/RHSA-2007-1076.html http://www.redhat.com/support/errata/RHSA-2007-1077.html MLIST http://lists.vmware.com/pipermail/security-announce/2008/000005.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:099 DEBIAN http://www.debian.org/security/2008/dsa-1551 http://www.debian.org/security/2008/dsa-1620 CONFIRM http://www.python.org/download/releases/2.5.1/NEWS.txt http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/469294/30/6450/threaded http://www.securityfocus.com/archive/1/archive/1/488457/100/0/threaded BID 23887

Return to the previous page.