VMware
 

Knowledge Base


Security Response to CVE-2006-4980: Buffer Overflow in the repr() Function in Python

Details

VMware Security Response
CVE identifier: CVE-2006-4980
Synopsis: Buffer overflow in the repr() function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.
CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
Response issued on: December 21, 2006
Response updated on:

Relevant Release

The issue affects ESX Server 3.x.

Problem Description

The Python repr() function can handle UTF-32/UCS-4 strings in such a way as to introduce a security flaw in applications written in Python using the repr() function on untrusted data. This could lead to a denial of service or possibly allow the execution of arbitrary code with the privileges of the Python application.
 
Red Hat has released a security update with the Advisory ID RHSA-2006:0713-01, described at https://rhn.redhat.com/errata/RHSA-2006-0713.html.
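A triage check for a host's Python interpreter, given as an added example and not code from VMware, Red Hat or the Python project. It assumes that only wide (UCS-4) builds, where sys.maxunicode exceeds 0xFFFF, take the wide-character path the synopsis describes; the function names and result labels are made up for this example.

```python
import sys

# Version range named in the CVE synopsis: Python 2.3 through 2.6.
AFFECTED_MIN = (2, 3)
AFFECTED_MAX = (2, 6)


def is_wide_build(maxunicode):
    # UCS-4 ("wide") builds report 0x10FFFF; UCS-2 ("narrow") builds 0xFFFF.
    return maxunicode > 0xFFFF


def assess(version, maxunicode):
    """Classify an interpreter from its version tuple and sys.maxunicode.

    Result labels are hypothetical names used only by this example.
    """
    major_minor = tuple(version[:2])
    if not (AFFECTED_MIN <= major_minor <= AFFECTED_MAX):
        return "outside-range"
    if not is_wide_build(maxunicode):
        # Assumption: narrow builds do not process UCS-4 strings in repr().
        return "narrow-build"
    # The fix is identified by date (20060822), and vendors backport fixes
    # without changing the version number, so the version alone cannot
    # confirm a patched interpreter. Check the installed package against
    # the vendor advisory instead.
    return "verify-package"


def report(version=None, maxunicode=None):
    """Return a one-line summary; defaults to the running interpreter."""
    if version is None:
        version = sys.version_info
    if maxunicode is None:
        maxunicode = sys.maxunicode
    return "Python %d.%d, maxunicode=0x%X: %s" % (
        version[0], version[1], maxunicode, assess(version, maxunicode))


if __name__ == "__main__":
    # Written to run on old 2.x interpreters as well as current ones.
    print(report())
```

A "verify-package" result means the interpreter matches the conditions in the synopsis and the installed Python package should be compared with the vendor's fixed release.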

Solution

An upcoming release of ESX Server 3.x will provide a fix for this issue. VMkernel will include updated Python packages.

Keywords

alertz; urlz
