CVE-2008-3144 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 86%

Affected Products (NVD)

Vendor	Product	Version
python	python	𝑥 ≤ 2.5.2

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

python2.4

dapper	Fixed 2.4.3-0ubuntu6.2 released
feisty	Fixed 2.4.4-2ubuntu7.2 released
gutsy	Fixed 2.4.4-6ubuntu4.2 released
hardy	Fixed 2.4.5-1ubuntu4.1 released

python2.5

dapper	dne
feisty	Fixed 2.5.1-0ubuntu1.2 released
gutsy	Fixed 2.5.1-5ubuntu5.2 released
hardy	Fixed 2.5.2-2ubuntu4.1 released

openSUSE / SLES Releases

openSUSE Product

Release

libpython2_7-1_0

suse enterprise desktop 15	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.1 fixed
suse enterprise sap 15	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.1 fixed
suse enterprise server 15	2.7.17-7.32.1 fixed
suse enterprise server 15 SP1	2.7.17-7.32.1 fixed
suse enterprise server 15 SP2	2.7.17-7.32.1 fixed
suse enterprise server 15 SP3	2.7.17-7.32.1 fixed

python

suse enterprise desktop 15	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.2 fixed
suse enterprise sap 15	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.2 fixed
suse enterprise server 15	2.7.17-7.32.2 fixed
suse enterprise server 15 SP1	2.7.17-7.32.2 fixed
suse enterprise server 15 SP2	2.7.17-7.32.2 fixed
suse enterprise server 15 SP3	2.7.17-7.32.2 fixed

python-base

suse enterprise desktop 15	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.1 fixed
suse enterprise sap 15	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.1 fixed
suse enterprise server 15	2.7.17-7.32.1 fixed
suse enterprise server 15 SP1	2.7.17-7.32.1 fixed
suse enterprise server 15 SP2	2.7.17-7.32.1 fixed
suse enterprise server 15 SP3	2.7.17-7.32.1 fixed

python-curses

suse enterprise desktop 15	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.2 fixed
suse enterprise sap 15	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.2 fixed
suse enterprise server 15	2.7.17-7.32.2 fixed
suse enterprise server 15 SP1	2.7.17-7.32.2 fixed
suse enterprise server 15 SP2	2.7.17-7.32.2 fixed
suse enterprise server 15 SP3	2.7.17-7.32.2 fixed

python-devel

suse enterprise desktop 15	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.1 fixed
suse enterprise sap 15	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.1 fixed
suse enterprise server 15	2.7.17-7.32.1 fixed
suse enterprise server 15 SP1	2.7.17-7.32.1 fixed
suse enterprise server 15 SP2	2.7.17-7.32.1 fixed
suse enterprise server 15 SP3	2.7.17-7.32.1 fixed

python-gdbm

suse enterprise desktop 15	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.2 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.2 fixed
suse enterprise sap 15	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.2 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.2 fixed
suse enterprise server 15	2.7.17-7.32.2 fixed
suse enterprise server 15 SP1	2.7.17-7.32.2 fixed
suse enterprise server 15 SP2	2.7.17-7.32.2 fixed
suse enterprise server 15 SP3	2.7.17-7.32.2 fixed

python-xml

suse enterprise desktop 15	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP1	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP2	2.7.17-7.32.1 fixed
suse enterprise desktop 15 SP3	2.7.17-7.32.1 fixed
suse enterprise sap 15	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP1	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP2	2.7.17-7.32.1 fixed
suse enterprise sap 15 SP3	2.7.17-7.32.1 fixed
suse enterprise server 15	2.7.17-7.32.1 fixed
suse enterprise server 15 SP1	2.7.17-7.32.1 fixed
suse enterprise server 15 SP2	2.7.17-7.32.1 fixed
suse enterprise server 15 SP3	2.7.17-7.32.1 fixed

Known Exploits!

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

http://bugs.gentoo.org/show_bug.cgi?id=232137

http://bugs.python.org/issue2588

http://bugs.python.org/issue2589

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/31305

http://secunia.com/advisories/31332

http://secunia.com/advisories/31358

http://secunia.com/advisories/31365

http://secunia.com/advisories/31473

http://secunia.com/advisories/31518

http://secunia.com/advisories/31687

http://secunia.com/advisories/32793

http://secunia.com/advisories/33937

http://secunia.com/advisories/37471

http://security.gentoo.org/glsa/glsa-200807-16.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289

http://support.apple.com/kb/HT3438

http://svn.python.org/view?rev=63728&view=rev

http://svn.python.org/view?rev=63734&view=rev

http://svn.python.org/view?rev=63883&view=rev

http://wiki.rpath.com/Advisories:rPSA-2008-0243

http://www.debian.org/security/2008/dsa-1667

http://www.mandriva.com/security/advisories?name=MDVSA-2008:163

http://www.mandriva.com/security/advisories?name=MDVSA-2008:164

http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

http://www.securityfocus.com/archive/1/495445/100/0/threaded

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/30491

http://www.ubuntu.com/usn/usn-632-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2008/2288

http://www.vupen.com/english/advisories/2009/3316

https://exchange.xforce.ibmcloud.com/vulnerabilities/44171

https://exchange.xforce.ibmcloud.com/vulnerabilities/44173

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10170

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7725

http://bugs.gentoo.org/show_bug.cgi?id=232137

http://bugs.python.org/issue2588

http://bugs.python.org/issue2589

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/31305

http://secunia.com/advisories/31332

http://secunia.com/advisories/31358

http://secunia.com/advisories/31365

http://secunia.com/advisories/31473

http://secunia.com/advisories/31518

http://secunia.com/advisories/31687

http://secunia.com/advisories/32793

http://secunia.com/advisories/33937

http://secunia.com/advisories/37471

http://security.gentoo.org/glsa/glsa-200807-16.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289

http://support.apple.com/kb/HT3438

http://svn.python.org/view?rev=63728&view=rev

http://svn.python.org/view?rev=63734&view=rev

http://svn.python.org/view?rev=63883&view=rev

http://wiki.rpath.com/Advisories:rPSA-2008-0243

http://www.debian.org/security/2008/dsa-1667

http://www.mandriva.com/security/advisories?name=MDVSA-2008:163

http://www.mandriva.com/security/advisories?name=MDVSA-2008:164

http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

http://www.securityfocus.com/archive/1/495445/100/0/threaded

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/bid/30491

http://www.ubuntu.com/usn/usn-632-1

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2008/2288

http://www.vupen.com/english/advisories/2009/3316

https://exchange.xforce.ibmcloud.com/vulnerabilities/44171

https://exchange.xforce.ibmcloud.com/vulnerabilities/44173

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10170

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7725