Security Response to CVE-2006-4980: Buffer Overflow in the repr() Function in Python
Details
| VMware Security Response | |
|---|---|
| CVE identifier | CVE-2006-4980 |
| Synopsis | Buffer overflow in the repr() function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. |
| CVE URL | |
| Response issued on | December 21, 2006 |
| Response updated on | |
Relevant Release
The issue affects ESX Server 3.x.
Problem Description
The Python repr() function mishandles UTF-32/UCS-4 strings, which introduces a security flaw in applications written in Python that call repr() on untrusted data. This could lead to a denial of service or possibly allow the execution of arbitrary code with the privileges of the Python application.
Red Hat has released a security update with the Advisory ID RHSA-2006:0713-01, described at https://rhn.redhat.com/errata/RHSA-2006-0713.html.
Solution
An upcoming release of ESX Server 3.x will provide a fix for this issue. VMkernel will include updated Python packages.
- KB Article: 5120103
- Updated: Aug 14, 2009
- Products: VMware ESX
- Product Versions: VMware ESX 3.0.x

