CVE-2008-2315 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 76%

Affected Products (NVD)

Vendor	Product	Version
python	python	𝑥 ≤ 2.5.2

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

python2.4

dapper	Fixed 2.4.3-0ubuntu6.2 released
feisty	Fixed 2.4.4-2ubuntu7.2 released
gutsy	Fixed 2.4.4-6ubuntu4.2 released
hardy	Fixed 2.4.5-1ubuntu4.1 released

python2.5

dapper	dne
feisty	Fixed 2.5.1-0ubuntu1.2 released
gutsy	Fixed 2.5.1-5ubuntu5.2 released
hardy	Fixed 2.5.2-2ubuntu4.1 released

openSUSE / SLES Releases

openSUSE Product

Release

libpython2_7-1_0

suse enterprise desktop 15	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.1 fixed
suse enterprise sap 15	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.1 fixed
suse enterprise server 15	2.7.17-7.32.1 fixed
suse enterprise server 15 SP1	2.7.17-7.32.1 fixed
suse enterprise server 15 SP2	2.7.17-7.32.1 fixed
suse enterprise server 15 SP3	2.7.17-7.32.1 fixed

python

suse enterprise desktop 15	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.2 fixed
suse enterprise sap 15	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.2 fixed
suse enterprise server 15	2.7.17-7.32.2 fixed
suse enterprise server 15 SP1	2.7.17-7.32.2 fixed
suse enterprise server 15 SP2	2.7.17-7.32.2 fixed
suse enterprise server 15 SP3	2.7.17-7.32.2 fixed

python-base

suse enterprise desktop 15	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.1 fixed
suse enterprise sap 15	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.1 fixed
suse enterprise server 15	2.7.17-7.32.1 fixed
suse enterprise server 15 SP1	2.7.17-7.32.1 fixed
suse enterprise server 15 SP2	2.7.17-7.32.1 fixed
suse enterprise server 15 SP3	2.7.17-7.32.1 fixed

python-curses

suse enterprise desktop 15	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.2 fixed
suse enterprise sap 15	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.2 fixed
suse enterprise server 15	2.7.17-7.32.2 fixed
suse enterprise server 15 SP1	2.7.17-7.32.2 fixed
suse enterprise server 15 SP2	2.7.17-7.32.2 fixed
suse enterprise server 15 SP3	2.7.17-7.32.2 fixed

python-devel

suse enterprise desktop 15	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.1 fixed
suse enterprise sap 15	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.1 fixed
suse enterprise server 15	2.7.17-7.32.1 fixed
suse enterprise server 15 SP1	2.7.17-7.32.1 fixed
suse enterprise server 15 SP2	2.7.17-7.32.1 fixed
suse enterprise server 15 SP3	2.7.17-7.32.1 fixed

python-gdbm

suse enterprise desktop 15	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.2 fixed
suse enterprise sap 15	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.2 fixed
suse enterprise server 15	2.7.17-7.32.2 fixed
suse enterprise server 15 SP1	2.7.17-7.32.2 fixed
suse enterprise server 15 SP2	2.7.17-7.32.2 fixed
suse enterprise server 15 SP3	2.7.17-7.32.2 fixed

python-xml

suse enterprise desktop 15	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.1 fixed
suse enterprise sap 15	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.1 fixed
suse enterprise server 15	2.7.17-7.32.1 fixed
suse enterprise server 15 SP1	2.7.17-7.32.1 fixed
suse enterprise server 15 SP2	2.7.17-7.32.1 fixed
suse enterprise server 15 SP3	2.7.17-7.32.1 fixed

Known Exploits!

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

http://bugs.gentoo.org/attachment.cgi?id=159418&action=view

http://bugs.gentoo.org/show_bug.cgi?id=230640

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/31305

http://secunia.com/advisories/31332

http://secunia.com/advisories/31358

http://secunia.com/advisories/31365

http://secunia.com/advisories/31518

http://secunia.com/advisories/31687

http://secunia.com/advisories/32793

http://secunia.com/advisories/33937

http://secunia.com/advisories/37471

http://secunia.com/advisories/38675

http://security.gentoo.org/glsa/glsa-200807-16.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289

http://support.apple.com/kb/HT3438

http://support.avaya.com/css/P8/documents/100074697

http://www.debian.org/security/2008/dsa-1667

http://www.mandriva.com/security/advisories?name=MDVSA-2008:163

http://www.mandriva.com/security/advisories?name=MDVSA-2008:164

http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

http://www.openwall.com/lists/oss-security/2008/11/05/2

http://www.openwall.com/lists/oss-security/2008/11/05/3

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/30491

http://www.ubuntu.com/usn/usn-632-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2008/2288

http://www.vupen.com/english/advisories/2009/3316

https://exchange.xforce.ibmcloud.com/vulnerabilities/44172

https://exchange.xforce.ibmcloud.com/vulnerabilities/44173

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761

http://bugs.gentoo.org/attachment.cgi?id=159418&action=view

http://bugs.gentoo.org/show_bug.cgi?id=230640

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/31305

http://secunia.com/advisories/31332

http://secunia.com/advisories/31358

http://secunia.com/advisories/31365

http://secunia.com/advisories/31518

http://secunia.com/advisories/31687

http://secunia.com/advisories/32793

http://secunia.com/advisories/33937

http://secunia.com/advisories/37471

http://secunia.com/advisories/38675

http://security.gentoo.org/glsa/glsa-200807-16.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289

http://support.apple.com/kb/HT3438

http://support.avaya.com/css/P8/documents/100074697

http://www.debian.org/security/2008/dsa-1667

http://www.mandriva.com/security/advisories?name=MDVSA-2008:163

http://www.mandriva.com/security/advisories?name=MDVSA-2008:164

http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

http://www.openwall.com/lists/oss-security/2008/11/05/2

http://www.openwall.com/lists/oss-security/2008/11/05/3

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/30491

http://www.ubuntu.com/usn/usn-632-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2008/2288

http://www.vupen.com/english/advisories/2009/3316

https://exchange.xforce.ibmcloud.com/vulnerabilities/44172

https://exchange.xforce.ibmcloud.com/vulnerabilities/44173

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8445

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8683

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9761