Python PyLocale_strxfrm Function Remote Information Disclosure Vulnerability

Vulnerability details

Vulnerability overview

Python is an open-source scripting language.

The PyLocale_strxfrm function in Python's Modules/_localemodule.c contains an off-by-one (single-byte) overflow that allows an attacker to read portions of memory.

Modules/_localemodule.c:361

356 n1 = strlen(s) + 1;
357 buf = PyMem_Malloc(n1);
358 if (!buf)
359     return PyErr_NoMemory();
360 n2 = strxfrm(buf, s, n1);

If the transformed string is longer than the original:

361 if (n2 > n1) {
362     /* more space needed */

Here n2 bytes are allocated:

363     buf = PyMem_Realloc(buf, n2);
364     if (!buf)
365         return PyErr_NoMemory();

The transformed string is n2 characters long, so the terminating NUL does not fit in a buffer of that size; the string is left unterminated, which in some cases may lead to information disclosure.

366     strxfrm(buf, s, n2);
367 }
368 result = PyString_FromString(buf);
369 PyMem_Free(buf);
370 return result;
371 }
372
373 #if defined(MS_WINDOWS)
374 static PyObject*
375 PyLocale_getdefaultlocale(PyObject* self)
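The hardened form of the allocation pattern walked through above, as an added C example that is not CPython's code (CPython's own fix is not reproduced here): it retries when n2 >= n1 rather than n2 > n1, and allocates n2 + 1 bytes so the NUL written by the second strxfrm call always fits, which is what keeps the later string copy from reading past the buffer. The names xfrm_fn, xfrm_dup, doubling_xfrm and xfrm_matches are assumptions, and doubling_xfrm is a constructed transform standing in for a locale whose collation keys are longer than the input, so the realloc path runs regardless of which locales the host has installed.

```c
#include <stdlib.h>
#include <string.h>

/* Shape shared by strxfrm() and the constructed transform below: write at most
 * n bytes (NUL included) and return the full output length WITHOUT the NUL. */
typedef size_t (*xfrm_fn)(char *dst, const char *src, size_t n);

/* Hardened form of the allocation pattern in PyLocale_strxfrm. Two changes
 * relative to the listing above: the retry condition is n2 >= n1 (n2 == n1
 * already means the NUL did not fit), and the second buffer is n2 + 1 bytes.
 * Returns a malloc'd NUL-terminated string, or NULL on allocation failure. */
char *xfrm_dup(const char *s, xfrm_fn xfrm)
{
    size_t n1 = strlen(s) + 1;
    char *buf = malloc(n1);
    if (!buf) return NULL;
    size_t n2 = xfrm(buf, s, n1);
    if (n2 >= n1) {                 /* output was truncated: grow and redo */
        char *tmp = realloc(buf, n2 + 1);
        if (!tmp) { free(buf); return NULL; }
        buf = tmp;
        xfrm(buf, s, n2 + 1);       /* room for n2 bytes plus the NUL */
    }
    return buf;
}

/* Constructed stand-in for a locale whose collation keys are longer than the
 * input: every byte is doubled ("ab" -> "aabb"). Not a real locale; it exists
 * so the realloc path is exercised deterministically on any host. */
size_t doubling_xfrm(char *dst, const char *src, size_t n)
{
    size_t need = 2 * strlen(src), i;
    for (i = 0; i < need && i + 1 < n; i++)
        dst[i] = src[i / 2];
    if (n > 0)
        dst[i] = '\0';              /* always terminate what was written */
    return need;
}

/* Transform s with xfrm, compare the result to expected, free it; 1 on match. */
int xfrm_matches(const char *s, xfrm_fn xfrm, const char *expected)
{
    char *r = xfrm_dup(s, xfrm);
    int ok = r != NULL && strcmp(r, expected) == 0;
    free(r);
    return ok;
}
```

With the real strxfrm in the default "C" locale the transform is an identity copy, so the realloc branch is never taken; the doubling transform forces it.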

Advisory

The vendor has released an upgrade patch to fix this security issue; the patch can be obtained from the link below.

Debian has published a security advisory (DSA-1551-1) together with the corresponding patches:

DSA-1551-1:New python2.4 packages fix several vulnerabilities

Link:

http://www.debian.org/security/2008/dsa-1551

Patch downloads: the advisory linked above lists the updated source archives and per-architecture packages together with their sizes and MD5 checksums.


References

Source:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2052
http://www.securityfocus.com/bid/23887
http://www.nsfocus.net/vulndb/11775

Link: none

Source: www.suse.com

Link: https://www.suse.com/support/update/announcement/2020/suse-su-20200234-1.html

Source: www.auscert.org.au

Link: https://www.auscert.org.au/bulletins/ESB-2020.0296/
