National Vulnerability Database

CVE-2007-2052 Detail

Description

Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

Source: MITRE | Last Modified: 04/16/2007

Quick Info

CVE Dictionary Entry: CVE-2007-2052
Original release date: 04/16/2007
Last revised: 10/10/2017
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.0 MEDIUM
Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 10.0

CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information

Vendor Statements

Official Statement from Red Hat (04/19/2007)

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

References to Advisories, Solutions, and Tools


All entries below are of resource type "External Source"; each line gives the source, the reference name in parentheses where it differs from the hyperlink, and the hyperlink.

CONFIRM: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934
MLIST ([Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates): http://lists.vmware.com/pipermail/security-announce/2008/000005.html
DEBIAN (DSA-1551): http://www.debian.org/security/2008/dsa-1551
DEBIAN (DSA-1620): http://www.debian.org/security/2008/dsa-1620
MANDRIVA (MDKSA-2007:099): http://www.mandriva.com/security/advisories?name=MDKSA-2007:099
SUSE (SUSE-SR:2007:013): http://www.novell.com/linux/security/advisories/2007_13_sr.html
CONFIRM: http://www.python.org/download/releases/2.5.1/NEWS.txt
REDHAT (RHSA-2007:1076): http://www.redhat.com/support/errata/RHSA-2007-1076.html
REDHAT (RHSA-2007:1077): http://www.redhat.com/support/errata/RHSA-2007-1077.html
REDHAT (RHSA-2008:0629): http://www.redhat.com/support/errata/RHSA-2008-0629.html
BUGTRAQ (20070521 FLEA-2007-0019-1: python): http://www.securityfocus.com/archive/1/archive/1/469294/30/6450/threaded
BUGTRAQ (20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates): http://www.securityfocus.com/archive/1/archive/1/488457/100/0/threaded
BUGTRAQ (20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components): http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
BID (23887): http://www.securityfocus.com/bid/23887
TRUSTIX (2007-0019): http://www.trustix.org/errata/2007/0019/
UBUNTU (USN-585-1): http://www.ubuntu.com/usn/usn-585-1
CONFIRM: http://www.vmware.com/security/advisories/VMSA-2009-0016.html
VUPEN (ADV-2007-1465): http://www.vupen.com/english/advisories/2007/1465
VUPEN (ADV-2008-0637): http://www.vupen.com/english/advisories/2008/0637
VUPEN (ADV-2009-3316): http://www.vupen.com/english/advisories/2009/3316
CONFIRM: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093
XF (python-localemodule-information-disclosure(34060)): https://exchange.xforce.ibmcloud.com/vulnerabilities/34060
CONFIRM: https://issues.rpath.com/browse/RPL-1358
OVAL (oval:org.mitre.oval:def:11716): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716
OVAL (oval:org.mitre.oval:def:8353): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353

References to Check Content

Identifier: oval:org.mitre.oval:def:11716
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11716

Identifier: oval:org.mitre.oval:def:8353
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8353

Change History: 3 change records found