ID CVE-2008-2316
Summary Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."
References
Vulnerable Configurations
  • cpe:2.3:a:python_software_foundation:python:1.5.2
    cpe:2.3:a:python_software_foundation:python:1.5.2
  • cpe:2.3:a:python_software_foundation:python:1.6.1
    cpe:2.3:a:python_software_foundation:python:1.6.1
  • cpe:2.3:a:python_software_foundation:python:2.0.1
    cpe:2.3:a:python_software_foundation:python:2.0.1
  • cpe:2.3:a:python_software_foundation:python:2.1.3
    cpe:2.3:a:python_software_foundation:python:2.1.3
  • cpe:2.3:a:python_software_foundation:python:2.2.3
    cpe:2.3:a:python_software_foundation:python:2.2.3
  • cpe:2.3:a:python_software_foundation:python:2.3.7
    cpe:2.3:a:python_software_foundation:python:2.3.7
  • cpe:2.3:a:python_software_foundation:python:2.4.5
    cpe:2.3:a:python_software_foundation:python:2.4.5
  • cpe:2.3:a:python_software_foundation:python:2.5.1
    cpe:2.3:a:python_software_foundation:python:2.5.1
  • cpe:2.3:a:python_software_foundation:python:2.5.2
    cpe:2.3:a:python_software_foundation:python:2.5.2
CVSS
Base: 7.5 (as of 01-08-2008 - 13:45)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-001.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 35684
    published 2009-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35684
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-001)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1977.NASL
    description Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files. (CVE-2009-3560 CVE-2009-3720 ) This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. (CVE-2008-2316 ) It only affects the oldstable distribution (etch).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44841
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44841
    title Debian DSA-1977-1 : python2.4 python2.5 - several vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_0DCCAA287F3C11DD8DE50030843D3802.NASL
    description Secunia reports : Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Various integer overflow errors exist in core modules e.g. stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule. An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results. Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems. An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a 'vsnprintf()' function. An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 34164
    published 2008-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34164
    title FreeBSD : python -- multiple vulnerabilities (0dccaa28-7f3c-11dd-8de5-0030843d3802)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2008-217-01.NASL
    description New python packages are available for Slackware 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 33824
    published 2008-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33824
    title Slackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-163.NASL
    description Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows (CVE-2008-1679). This was due to an incomplete fix for CVE-2007-4965. David Remahl of Apple Product Security reported several integer overflows in a number of core modules (CVE-2008-2315). He also reported an integer overflow in the hashlib module on Python 2.5 that lead to unreliable cryptographic digest results (CVE-2008-2316). Justin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems (CVE-2008-3142). Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2 (CVE-2008-3143). Justin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption (CVE-2008-3144). The updated packages have been patched to correct these issues. As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have been updated to version 2.5.2. Due to slight packaging changes on Mandriva Linux 2007.1, a new package is available (tkinter-apps) that contains binary files (such as /usr/bin/idle) that were previously in the tkinter package.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37212
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37212
    title Mandriva Linux Security Advisory : python (MDVSA-2008:163)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PYTHON-5490.NASL
    description This update of python fixes several security vulnerabilities. (CVE-2008-1679 / CVE-2008-1887 / CVE-2008-3143 / CVE-2008-3142 / CVE-2008-3144 / CVE-2008-2315 / CVE-2008-2316) Note: for SLE10 a non-security bug in mmap was fixed too.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 33923
    published 2008-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33923
    title SuSE 10 Security Update : Python (ZYPP Patch Number 5490)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-632-1.NASL
    description It was discovered that there were new integer overflows in the imageop module. If an attacker were able to trick a Python application into processing a specially crafted image, they could execute arbitrary code with user privileges. (CVE-2008-1679) Justin Ferguson discovered that the zlib module did not correctly handle certain archives. If an attacker were able to trick a Python application into processing a specially crafted archive file, they could execute arbitrary code with user privileges. (CVE-2008-1721) Justin Ferguson discovered that certain string manipulations in Python could be made to overflow. If an attacker were able to pass a specially crafted string through the PyString_FromStringAndSize function, they could execute arbitrary code with user privileges. (CVE-2008-1887) Multiple integer overflows were discovered in Python's core and modules including hashlib, binascii, pickle, md5, stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service. (CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 33807
    published 2008-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33807
    title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : python2.4, python2.5 vulnerabilities (USN-632-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200807-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200807-16 (Python: Multiple vulnerabilities) Multiple vulnerabilities were discovered in Python: David Remahl of Apple Product Security reported several integer overflows in core modules such as stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule (CVE-2008-2315). David Remahl of Apple Product Security also reported an integer overflow in the hashlib module, leading to unreliable cryptographic digest results (CVE-2008-2316). Justin Ferguson reported multiple buffer overflows in unicode string processing that only affect 32bit systems (CVE-2008-3142). The Google Security Team reported multiple integer overflows (CVE-2008-3143). Justin Ferguson reported multiple integer underflows and overflows in the PyOS_vsnprintf() function, and an off-by-one error when passing zero-length strings, leading to memory corruption (CVE-2008-3144). Impact : A remote attacker could exploit these vulnerabilities in Python applications or daemons that pass user-controlled input to vulnerable functions. Exploitation might lead to the execution of arbitrary code or a Denial of Service. Vulnerabilities within the hashlib might lead to weakened cryptographic protection of data integrity or authenticity. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 33782
    published 2008-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33782
    title GLSA-200807-16 : Python: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_PYTHON-080801.NASL
    description This update of python fixes several security vulnerabilities. (CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40115
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40115
    title openSUSE Security Update : python (python-128)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PYTHON-5491.NASL
    description This update of python fixes several security vulnerabilities. (CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 33924
    published 2008-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33924
    title openSUSE 10 Security Update : python (python-5491)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12215.NASL
    description This update of python fixes several security vulnerabilities. (CVE-2008-1679 / CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316) Note: for SLE10 a non-security bug in mmap was fixed too.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41229
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41229
    title SuSE9 Security Update : Python (YOU Patch Number 12215)
refmap via4
apple APPLE-SA-2009-02-12
bid 30491
bugtraq 20080813 rPSA-2008-0243-1 idle python
confirm
gentoo GLSA-200807-16
mandriva MDVSA-2008:163
secunia
  • 31305
  • 31332
  • 31358
  • 31365
  • 31473
  • 31518
  • 31687
  • 33937
slackware SSA:2008-217-01
suse SUSE-SR:2008:017
ubuntu USN-632-1
vupen ADV-2008-2288
xf
  • python-hashlib-overflow(44174)
  • python-multiple-bo(44173)
statements via4
contributor Tomas Hoger
lastmodified 2008-08-04
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Affected module was only introduced upstream in python 2.5.
Last major update 07-03-2011 - 22:08
Published 01-08-2008 - 10:41
Last modified 11-10-2018 - 16:40
Back to Top