CVE-2008-3144

Upstream information

CVE-2008-3144 at MITRE

Description

Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

SUSE Bugzilla entry: 406051 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SR:2008:017, published Fri, 29 Aug 2008 14:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Server 11 SP1	`python >= 2.6.0-8.9.28` `python-32bit >= 2.6.0-8.9.28` `python-curses >= 2.6.0-8.9.28` `python-demo >= 2.6.0-8.9.28` `python-gdbm >= 2.6.0-8.9.28` `python-idle >= 2.6.0-8.9.28` `python-tk >= 2.6.0-8.9.28` `python-x86 >= 2.6.0-8.9.28`	Patchnames: SUSE Linux Enterprise Server 11 SP1 GA python
SUSE Linux Enterprise Server 11 SP2	`python >= 2.6.0-8.12.2` `python-32bit >= 2.6.0-8.12.2` `python-curses >= 2.6.0-8.12.2` `python-demo >= 2.6.0-8.12.2` `python-gdbm >= 2.6.0-8.12.2` `python-idle >= 2.6.0-8.12.2` `python-tk >= 2.6.0-8.12.2` `python-x86 >= 2.6.0-8.12.2`	Patchnames: SUSE Linux Enterprise Server 11 SP2 GA python
SUSE Linux Enterprise Server 11 SP3	`python >= 2.6.8-0.15.1` `python-32bit >= 2.6.8-0.15.1` `python-curses >= 2.6.8-0.15.1` `python-demo >= 2.6.8-0.15.1` `python-gdbm >= 2.6.8-0.15.1` `python-idle >= 2.6.8-0.15.1` `python-tk >= 2.6.8-0.15.1` `python-x86 >= 2.6.8-0.15.1`	Patchnames: SUSE Linux Enterprise Server 11 SP3 GA python
SUSE Linux Enterprise Server 11 SP4	`python >= 2.6.9-0.35.1` `python-32bit >= 2.6.9-0.35.1` `python-curses >= 2.6.9-0.35.1` `python-demo >= 2.6.9-0.35.1` `python-gdbm >= 2.6.9-0.35.1` `python-idle >= 2.6.9-0.35.1` `python-tk >= 2.6.9-0.35.1` `python-x86 >= 2.6.9-0.35.1`	Patchnames: SUSE Linux Enterprise Server 11 SP4 GA python
SUSE Linux Enterprise Software Development Kit 11 SP4	`python-32bit >= 2.6.9-0.35.1` `python-demo >= 2.6.9-0.35.1` `python-gdbm >= 2.6.9-0.35.1` `python-idle >= 2.6.9-0.35.1` `python-tk >= 2.6.9-0.35.1`	Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA python-32bit
SUSE Linux Enterprise SDK 10 SP2	`python-demo >= 2.4.2-18.22` `python-devel >= 2.4.2-18.22` `python-doc >= 2.4.2-18.19` `python-doc-pdf >= 2.4.2-18.19` `python-idle >= 2.4.2-18.22`	sles10-sp2.x86 sle10-sp2-sdk.x86 core9.ia64 sle10-sp2-sdk.s390x sles9-oes.x86 sled10.x86 sles9-nlpos.x86 sles10.ia64 sles10-sp2.ia64 sled10-sp2.x86 sles9-nld.x86 sles10-sp2.x86-64 sle10-sp2-sdk.x86-64 core9.ppc sled10.x86-64 sle10-sp2-sdk.ia64 sle10-sp1-sdk.x86-64 sle10-sp1-sdk.s390x sles9-nld.x86-64 sle10-sp1-sdk.x86 sles10-sp2.s390x sles10-sp2.ppc core9.x86-64 sles10.ppc sles10.s390x sle10-sp2-sdk.ppc sles10.x86 sles10.x86-64 sle10-sp1-sdk.ppc sled10-sp2.x86-64 core9.x86 core9.s390 core9.s390x sle10-sp1-sdk.ia64 ZYPP Patch Nr: 5490
Novell Linux Desktop 9 for x86 Open Enterprise Server	`python >= 2.3.3-88.24` `python-curses >= 2.3.3-88.24` `python-demo >= 2.3.3-88.24` `python-devel >= 2.3.3-88.24` `python-doc >= 2.3.3-88.24` `python-doc-pdf >= 2.3.3-88.24` `python-gdbm >= 2.3.3-88.24` `python-idle >= 2.3.3-88.24` `python-mpz >= 2.3.3-88.24` `python-tk >= 2.3.3-88.24` `python-xml >= 2.3.3-88.24`	sles10-sp2.x86 sle10-sp2-sdk.x86 core9.ia64 sle10-sp2-sdk.s390x sles9-oes.x86 sled10.x86 sles9-nlpos.x86 sles10.ia64 sles10-sp2.ia64 sled10-sp2.x86 sles9-nld.x86 sles10-sp2.x86-64 sle10-sp2-sdk.x86-64 core9.ppc sled10.x86-64 sle10-sp2-sdk.ia64 sle10-sp1-sdk.x86-64 sle10-sp1-sdk.s390x sles9-nld.x86-64 sle10-sp1-sdk.x86 sles10-sp2.s390x sles10-sp2.ppc core9.x86-64 sles10.ppc sles10.s390x sle10-sp2-sdk.ppc sles10.x86 sles10.x86-64 sle10-sp1-sdk.ppc sled10-sp2.x86-64 core9.x86 core9.s390 core9.s390x sle10-sp1-sdk.ia64 ZYPP Patch Nr: 5490
Novell Linux Desktop 9 for x86_64	`python >= 2.3.3-88.24` `python-32bit >= 9-200808010009` `python-curses >= 2.3.3-88.24` `python-demo >= 2.3.3-88.24` `python-devel >= 2.3.3-88.24` `python-doc >= 2.3.3-88.24` `python-doc-pdf >= 2.3.3-88.24` `python-gdbm >= 2.3.3-88.24` `python-idle >= 2.3.3-88.24` `python-mpz >= 2.3.3-88.24` `python-tk >= 2.3.3-88.24` `python-xml >= 2.3.3-88.24`	sles10-sp2.x86 sle10-sp2-sdk.x86 core9.ia64 sle10-sp2-sdk.s390x sles9-oes.x86 sled10.x86 sles9-nlpos.x86 sles10.ia64 sles10-sp2.ia64 sled10-sp2.x86 sles9-nld.x86 sles10-sp2.x86-64 sle10-sp2-sdk.x86-64 core9.ppc sled10.x86-64 sle10-sp2-sdk.ia64 sle10-sp1-sdk.x86-64 sle10-sp1-sdk.s390x sles9-nld.x86-64 sle10-sp1-sdk.x86 sles10-sp2.s390x sles10-sp2.ppc core9.x86-64 sles10.ppc sles10.s390x sle10-sp2-sdk.ppc sles10.x86 sles10.x86-64 sle10-sp1-sdk.ppc sled10-sp2.x86-64 core9.x86 core9.s390 core9.s390x sle10-sp1-sdk.ia64 ZYPP Patch Nr: 5490
openSUSE 11.0	`python-debuginfo >= 2.5.2-26.2` `python-debugsource >= 2.5.2-26.2`
openSUSE 11.0	`python >= 2.5.2-26.2` `python-32bit >= 2.5.2-26.2` `python-64bit >= 2.5.2-26.2` `python-curses >= 2.5.2-26.2` `python-demo >= 2.5.2-26.2` `python-devel >= 2.5.2-26.2` `python-gdbm >= 2.5.2-26.2` `python-idle >= 2.5.2-26.2` `python-tk >= 2.5.2-26.2` `python-xml >= 2.5.2-26.2`