LWN.net

python: arbitrary code execution

Package(s): python
CVE #(s): CVE-2006-4980
Created: October 6, 2006
Updated: November 7, 2006
Description: Benjamin C. Wiley Sittler discovered that Python's repr() function did not properly handle UTF-32/UCS-4 strings. If an application uses repr() on arbitrary untrusted data, this could be exploited to execute arbitrary code with the privileges of the Python application.
Alerts:
Fedora FEDORA-2006-1049 2006-11-06
Gentoo 200610-07:02 2006-10-17
Gentoo 200610-07 2006-10-17
rPath rPSA-2006-0187-1 2006-10-10
Mandriva MDKSA-2006:181 2006-10-10
Red Hat RHSA-2006:0713-01 2006-10-09
Ubuntu USN-359-1 2006-10-06


python: arbitrary code execution

Posted Aug 6, 2007 17:54 UTC (Mon) by kreutzm (guest, #4700)

Both Debian Sarge and Etch are not vulnerable.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds