472,328 Members | 1,776 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

home > topics > python > questions > security advisory [psf-2006-001] buffer overrun in repr() for ucs-4encoded unicode strings

Join Bytes to post your question to a community of 472,328 software developers and data experts.

SECURITY ADVISORY [PSF-2006-001] Buffer overrun in repr() for UCS-4encoded unicode strings

SECURITY ADVISORY [PSF-2006-001]
Buffer overrun in repr() for UCS-4 encoded unicode strings

http://www.python.org/news/security/PSF-2006-001/

Advisory ID: PSF-2006-001
Issue Date: October 12, 2006
Product: Python
Versions: 2.2, 2.3, 2.4 prior to 2.4.4, wide unicode (UCS-4) builds only
CVE Names: CAN-2006-4980

Python is an interpreted, interactive, object-oriented programming language.
It is often compared to Tcl, Perl, Scheme or Java.

The Python development team has discovered a flaw in the repr() implementation
of Unicode string objects which can lead to execution of arbitrary code due
to an overflow in a buffer allocated with insufficient size.

The flaw only manifests itself in Python builds configured to support UCS-4
Unicode strings (using the --enable-unicode=ucs4 configure flag). This is
still not the default, which is why the vulnerability should not be present
in most Python builds out there, especially not the builds for the Windows or
Mac OS X platform provided by www.python.org.

You can find out whether you are running a UCS-4 enabled build by looking at
the sys.maxunicode attribute: it is 65535 in a UCS-2 build and 1114111 in a
UCS-4 build.

More information can be found in this posting to the python-dev mailing list:
http://mail.python.org/pipermail/pyt...er/069260.html

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2006-4980 to this issue.

Python 2.4.4 will be released from www.python.org next week containing a fix
for this issue. A release candidate of 2.4.4 is already available containing
the fix. Python 2.5 also already contains the fix and is not vulnerable.

Patches for Python 2.2, 2.3 and 2.4 are also immediately available:

* http://python.org/files/news/securit.../patch-2.3.txt
(Python 2.2, 2.3)
* http://python.org/files/news/securit.../patch-2.4.txt
(Python 2.4)

Acknowledgement: thanks to Benjamin C. Wiley Sittler for discovering this
issue.

The official URL for this security advisory is
http://www.python.org/news/security/PSF-2006-001/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQBFLe9wDt3F8mpFyBYRAqjoAJ9nautQiN193DgARfx2nK WOPrKFXQCeOafq
X3GlGx94ShTRjVwtO2tqpZI=
=g/BJ
-----END PGP SIGNATURE-----

Oct 12 '06 #1
0 1556
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
PHP developers for Macromedia advisory board
by: Supernews | last post by:
I work for Macromedia and we are looking to form advisory groups to better understand the needs of developers and inform future product development....
PHP
38
PHP blamed for security problems
by: Tim Tyler | last post by:
Here's what this morning's security advisory read here: ``In the last 3 months we have noticed an marked increase in the number of web-server...
PHP
0
Please Donate to the PSF
by: Stephan Deibel | last post by:
Hi, As the holiday season ends and a new year approaches, I would like to take this opportunity to thank everyone that donated to the Python...
Python
0
PSF donations update
by: Stephan Deibel | last post by:
Hi, Just wanted to follow up on my earlier message requesting donations to the Python Software Foundation. The PSF has now announced the...
Python
0
Subscription donations to PSF
by: Alan McIntyre | last post by:
Hi all, I asked the PSF folks if they plan on offering a subscription donation option, and they do eventually, if there's enough interest. If...
Python
0
Security Center Advisory
by: PayPal | last post by:
<HTML> <HEAD> <META NAME="GENERATOR" Content="Microsoft DHTML Editing Control"> <TITLE></TITLE> </HEAD> <BODY> <STYLE type=text/css> ..dummy...
MySQL Database
2
diff of advisory lock and mandatory locks
by: Bangalore | last post by:
Hi, Plz, clarify me , with the differences between advisory lock and mandatory locks. Thnanks in advance Bangalore.
C / C++
11
MS Access, Oracle 9i, security, and pass-thru update queries
by: DFS | last post by:
Architecture: Access 2003 client, Oracle 9i repository, no Access security in place, ODBC linked tables. 100 or so users, in 3 or 4 groups...
Microsoft Access / VBA
28
"FE Updater" and macro security
by: darren via AccessMonster.com | last post by:
Hi I've seen details on bypassing macro security with a bat file but has any one incorporated this with Tony Toews FE Updater? If so, I'd...
Microsoft Access / VBA
1
Crunchy security advisory
by: =?iso-8859-1?B?QW5kcuk=?= | last post by:
A security hole has been uncovered in Crunchy (version 0.9.1.1 and earlier). Anyone using Crunchy to browse web tutorials should only visit sites...
Python
0
Tips for Saving Money on Buying a Gaming Laptop
by: tammygombez | last post by:
Hey everyone! I've been researching gaming laptops lately, and I must say, they can get pretty expensive. However, I've come across some great...
Computer Hardware
0
List of Topmost 8 Electronics Engineering Forum Websites
by: teenabhardwaj | last post by:
How would one discover a valid source for learning news, comfort, and help for engineering designs? Covering through piles of books takes a lot of...
General
0
Benefits of Blockchain App Development for Enterprise Businesses
by: Kemmylinns12 | last post by:
Blockchain technology has emerged as a transformative force in the business world, offering unprecedented opportunities for innovation and...
General
0
How to minimize a tool bar that shows up when in reports
by: CD Tom | last post by:
This happens in runtime 2013 and 2016. When a report is run and then closed a toolbar shows up and the only way to get it to go away is to right...
General
0
how to collapse a custom toolbar in VBA
by: CD Tom | last post by:
This only shows up in access runtime. When a user select a report from my report menu when they close the report they get a menu I've called Add-ins...
General
0
jalbright99669
https redirect with reverse proxy
by: jalbright99669 | last post by:
Am having a bit of a time with URL Rewrite. I need to incorporate http to https redirect with a reverse proxy. I have the URL Rewrite rules made...
IIS / Internet Information Server
0
Hyperconverged All-in-One Streaming Engine, ushering in new age for distributed database
by: antdb | last post by:
Ⅰ. Advantage of AntDB: hyper-convergence + streaming processing engine In the overall architecture, a new "hyper-convergence" concept was...
General
0
How to layout php header location with a variable as the location?
by: Matthew3360 | last post by:
Hi there. I have been struggling to find out how to use a variable as my location in my header redirect function. Here is my code. ...
PHP
1
How to use http requests (Get function) to get variable value?
by: Matthew3360 | last post by:
Hi, I have a python app that i want to be able to get variables from a php page on my webserver. My python app is on my computer. How would I make it...
Python

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Advertise
Terms Of Use
Privacy Policy

Sitemap

Follow us! Get the Latest Bytes Updates