National Vulnerability Database

CVE-2008-1721 Detail

Description

Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.

Source: MITRE
Last Modified: 04/10/2008

Quick Info

CVE Dictionary Entry: CVE-2008-1721
Original release date: 04/10/2008
Last revised: 09/28/2017
Source: US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 HIGH
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Impact Subscore: 6.4
Exploitability Subscore: 10.0

CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Vendor Statements

Official Statement from Red Hat (04/15/2008)

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=442005

The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

References to Advisories, Solutions, and Tools

| Hyperlink | Resource | Type | Source | Name |
|---|---|---|---|---|
| http://bugs.python.org/issue2586 | | External Source | CONFIRM | http://bugs.python.org/issue2586 |
| http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | | External Source | APPLE | APPLE-SA-2009-02-12 |
| http://security.gentoo.org/glsa/glsa-200807-01.xml | | External Source | GENTOO | GLSA-200807-01 |
| http://securityreason.com/securityalert/3802 | | External Source | SREASON | 3802 |
| http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 | | External Source | SLACKWARE | SSA:2008-217-01 |
| http://support.apple.com/kb/HT3438 | | External Source | CONFIRM | http://support.apple.com/kb/HT3438 |
| http://support.avaya.com/css/P8/documents/100074697 | | External Source | CONFIRM | http://support.avaya.com/css/P8/documents/100074697 |
| http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149 | | External Source | CONFIRM | http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149 |
| http://www.debian.org/security/2008/dsa-1551 | | External Source | DEBIAN | DSA-1551 |
| http://www.debian.org/security/2008/dsa-1620 | | External Source | DEBIAN | DSA-1620 |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:085 | | External Source | MANDRIVA | MDVSA-2008:085 |
| http://www.securityfocus.com/archive/1/archive/1/490690/100/0/threaded | Exploit | External Source | BUGTRAQ | 20080409 IOActive Security Advisory: Buffer overflow in Python zlib extension module |
| http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded | | External Source | BUGTRAQ | 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components |
| http://www.securityfocus.com/bid/28715 | | External Source | BID | 28715 |
| http://www.securitytracker.com/id?1019823 | | External Source | SECTRACK | 1019823 |
| http://www.ubuntu.com/usn/usn-632-1 | | External Source | UBUNTU | USN-632-1 |
| http://www.vmware.com/security/advisories/VMSA-2009-0016.html | | External Source | CONFIRM | http://www.vmware.com/security/advisories/VMSA-2009-0016.html |
| http://www.vupen.com/english/advisories/2008/1229/references | | External Source | VUPEN | ADV-2008-1229 |
| http://www.vupen.com/english/advisories/2009/3316 | | External Source | VUPEN | ADV-2009-3316 |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41748 | | External Source | XF | zlib-pystringfromstringandsize-bo(41748) |
| https://issues.rpath.com/browse/RPL-2444 | | External Source | CONFIRM | https://issues.rpath.com/browse/RPL-2444 |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8249 | | External Source | OVAL | oval:org.mitre.oval:def:8249 |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8494 | | External Source | OVAL | oval:org.mitre.oval:def:8494 |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9407 | | External Source | OVAL | oval:org.mitre.oval:def:9407 |

References to Check Content

Identifier: oval:org.mitre.oval:def:8249
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8249

Identifier: oval:org.mitre.oval:def:8494
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8494

Identifier: oval:org.mitre.oval:def:9407
Check System: http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink: http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9407

Change History: 3 change records found