This came in to the webmaster address and was also addressed to a number of
individuals (looks like the SF project admins). This appears like it would
be of general interest to this group.
Looking through this message and the various bug tracker items it's not
clear to me if Secunia wants to know if the patch (which I believe has
already been applied to all three active svn branches) is the source of the
problem or if they want to know if it solves the buffer overrun problem.
Are they suggesting that 10*size should be the character multiple in all
cases?
Skip
--- Begin Message ---
Hi,
We are currently evaluating a buffer overflow in the repr() function in
the handling of Unicode strings in Python:
http://sourceforge.net/tracker/index.php?aid=1541585&group_id=5470&atid=305470&func=detail
https://launchpad.net/distros/ubuntu/+source/python2.4/+bug/56633
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208162
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208166
According to Red Hat this has been assigned CVE-2006-4980 and has been
marked as having a security impact. We would appreciate your comments on
the issue. Who and how could this be exploited and are there any
mitigating factors? Can this be exploited by an application (e.g. a CGI
script) which takes input from untrusted sources, transforms the input
into a UTF-32 string, and then calls repr() with it, to execute
arbitrary code?
Thank you in advance.
--
Kind regards,
Andreas Sandblad
IT Security Specialist
Secunia
Hammerensgade 4, 2. floor
DK-1267 Copenhagen K
Denmark
Tlf.: +45 7020 5144
Fax: +45 7020 5145
--- End Message ---
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
