Security Response to CVE-2006-4980: Buffer Overflow in the repr() Function in Python

Details

VMware Security Response
CVE identifier: CVE-2006-4980
Synopsis: Buffer overflow in the repr() function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.
CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
Response issued on: December 21, 2006
Response updated on:

Relevant Release

The issue affects ESX Server 3.x.

Problem Description

The Python repr() function mishandles UTF-32/UCS-4 strings, which introduces a security flaw in Python applications that call repr() on untrusted data. This could lead to a denial of service or possibly allow the execution of arbitrary code with the privileges of the Python application.
 
Red Hat has released a security update with the Advisory ID RHSA-2006:0713-01, described at https://rhn.redhat.com/errata/RHSA-2006-0713.html.

Solution

An upcoming release of ESX Server 3.x will provide a fix for this issue. VMkernel will include updated Python packages.
