Note: This is an archival copy of Security Sun Alert 273570 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021682.1.
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code
Multiple buffer and integer overflow vulnerabilities in Python (see python(1)) may allow a local or remote unprivileged user to execute arbitrary code with the privileges of the Python application, or to crash a Python application, resulting in a Denial of Service (DoS).
These issues are also referenced in the following documents:
CVE-2007-4965 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965
CVE-2008-1679 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
CVE-2008-1721 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721
CVE-2008-2315 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
2. Contributing Factors
These issues can occur in the following releases:
OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived. To determine the base build of OpenSolaris, the following command can be used:
$ uname -v
3. Symptoms
If one of these issues should occur, a Python application may crash and potentially create a core dump depending on the system configuration. There are no predictable symptoms that would indicate one of these issues has been exploited to execute arbitrary code.
There is no workaround for these issues. Please see the Resolution section below.
These issues are addressed in the following releases:
Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
11-Jan-2010: Updated Contributing Factors and Resolution sections; now Resolved