473,569 Members | 2,845 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

SECURITY ADVISORY [PSF-2006-001] Buffer overrun in repr() for UCS-4encoded unicode strings

Buffer overrun in repr() for UCS-4 encoded unicode strings


Advisory ID: PSF-2006-001
Issue Date: October 12, 2006
Product: Python
Versions: 2.2, 2.3, 2.4 prior to 2.4.4, wide unicode (UCS-4) builds only
CVE Names: CAN-2006-4980

Python is an interpreted, interactive, object-oriented programming language.
It is often compared to Tcl, Perl, Scheme or Java.

The Python development team has discovered a flaw in the repr() implementation
of Unicode string objects which can lead to execution of arbitrary code due
to an overflow in a buffer allocated with insufficient size.

The flaw only manifests itself in Python builds configured to support UCS-4
Unicode strings (using the --enable-unicode=ucs4 configure flag). This is
still not the default, which is why the vulnerability should not be present
in most Python builds out there, especially not the builds for the Windows or
Mac OS X platform provided by www.python.org.

You can find out whether you are running a UCS-4 enabled build by looking at
the sys.maxunicode attribute: it is 65535 in a UCS-2 build and 1114111 in a
UCS-4 build.

More information can be found in this posting to the python-dev mailing list:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2006-4980 to this issue.

Python 2.4.4 will be released from www.python.org next week containing a fix
for this issue. A release candidate of 2.4.4 is already available containing
the fix. Python 2.5 also already contains the fix and is not vulnerable.

Patches for Python 2.2, 2.3 and 2.4 are also immediately available:

* http://python.org/files/news/securit.../patch-2.3.txt
(Python 2.2, 2.3)
* http://python.org/files/news/securit.../patch-2.4.txt
(Python 2.4)

Acknowledgement : thanks to Benjamin C. Wiley Sittler for discovering this

The official URL for this security advisory is

Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQBFLe9wDt3 F8mpFyBYRAqjoAJ 9nautQiN193DgAR fx2nKWOPrKFXQCe Oafq
X3GlGx94ShTRjVw tO2tqpZI=

Oct 12 '06 #1
0 1639

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

by: Supernews | last post by:
I work for Macromedia and we are looking to form advisory groups to better understand the needs of developers and inform future product development. Those participating will have direct contact with us and other advisory board members and be provided with free Macromedia software. If you are interested in participating, please complete an...
by: Tim Tyler | last post by:
Here's what this morning's security advisory read here: ``In the last 3 months we have noticed an marked increase in the number of web-server attacks and successful compromise on our network. These are mostly PHP-script exploits and are giving hackers easy shell access to virtual servers, as mentioned in the PHP Security Advisory in the News...
by: Stephan Deibel | last post by:
Hi, As the holiday season ends and a new year approaches, I would like to take this opportunity to thank everyone that donated to the Python Software Foundation (PSF) in the past. Everyone's support is greatly appreciated. We now have well over 400 donors, many of whom donate regularly: http://www.python.org/psf/donations.html
by: Stephan Deibel | last post by:
Hi, Just wanted to follow up on my earlier message requesting donations to the Python Software Foundation. The PSF has now announced the projects we are funding in our first round of grants: http://www.python.org/psf/grants/
by: Alan McIntyre | last post by:
Hi all, I asked the PSF folks if they plan on offering a subscription donation option, and they do eventually, if there's enough interest. If you have any interest in donating a small amount (preferably >= US$5) to the PSF on a regular basis (monthly?), then please respond here in the newsgroup or otherwise communicate this interest to the...
by: PayPal | last post by:
<HTML> <HEAD> <META NAME="GENERATOR" Content="Microsoft DHTML Editing Control"> <TITLE></TITLE> </HEAD> <BODY> <STYLE type=text/css> ..dummy {} BODY, TD {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;}
by: Bangalore | last post by:
Hi, Plz, clarify me , with the differences between advisory lock and mandatory locks. Thnanks in advance Bangalore.
by: DFS | last post by:
Architecture: Access 2003 client, Oracle 9i repository, no Access security in place, ODBC linked tables. 100 or so users, in 3 or 4 groups (Oracle roles actually): Admins, Updaters and ReadOnly. Each group sees a different set of menu options when they open the client and login to Oracle. For the sake of speed I use pass-through queries...
by: darren via AccessMonster.com | last post by:
Hi I've seen details on bypassing macro security with a bat file but has any one incorporated this with Tony Toews FE Updater? If so, I'd appreciate some guidance. As both open the database I'm not sure how/if this will work. Thanks
by: =?iso-8859-1?B?QW5kcuk=?= | last post by:
A security hole has been uncovered in Crunchy (version and earlier). Anyone using Crunchy to browse web tutorials should only visit sites that are trustworthy. We are working hard at fixing the hole; a new release addressing the problems that have been found should be forthcoming shortly.
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.