Bug 442005 (CVE-2008-1721)

Summary: CVE-2008-1721 python: integer signedness error in the zlib extension module
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: james.antill, jlieskov, ohudlick, pfrields
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1721
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-19 09:06:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 486329, 486330, 486351, 486352, 537915    
Bug Blocks:    
Attachments:
Description Flags
Copy of the reproducer from the upstream bug
none
Copy of the reproducer from the upstream bug none

Description Tomas Hoger 2008-04-11 07:12:11 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1721 to the following vulnerability:

Integer signedness error in the zlib extension module in Python 2.5.2
and earlier allows remote attackers to execute arbitrary code via a
negative signed integer, which triggers insufficient memory allocation
and a buffer overflow.

References:
http://www.securityfocus.com/archive/1/archive/1/490690/100/0/threaded
http://bugs.python.org/issue2586
http://www.securityfocus.com/bid/28715

Comment 1 Josh Bressers 2008-04-15 19:53:39 UTC
Since this issue requires a rather silly use of the python zlib module, we have
classified it as having a low security impact.

A future update may address this flaw. More information regarding issue severity
can be found here: http://www.redhat.com/security/updates/classification/

Comment 2 Tomas Hoger 2008-04-23 15:00:40 UTC
Fix as applied in zlib module: http://svn.python.org/view?rev=62235&view=rev

Comment 3 Tomas Hoger 2008-04-23 15:05:13 UTC
Created attachment 303501 [details]
Copy of the reproducer from the upstream bug

python-2.5.2-zlib-unflush-misallocation.py

Comment 4 Tomas Hoger 2008-04-23 15:06:21 UTC
Created attachment 303502 [details]
Copy of the reproducer from the upstream bug

python-2.5.2-zlib-unflush-signedness.py

Comment 5 Jan Lieskovsky 2008-10-30 14:46:53 UTC
The Red Hat Security Response Team has rated this issue as having low security
impact, a future update may address this flaw.  More information regarding
issue severity can be found here:
http://www.redhat.com/security/updates/classification/

Comment 9 errata-xmlrpc 2009-07-27 09:22:58 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1176 https://rhn.redhat.com/errata/RHSA-2009-1176.html

Comment 10 errata-xmlrpc 2009-07-27 09:35:28 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2009:1177 https://rhn.redhat.com/errata/RHSA-2009-1177.html