Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 503348 - Critical remote execution vulnerability in python
Summary: Critical remote execution vulnerability in python
Status: RESOLVED DUPLICATE of bug 500518
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Highest critical (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2014-03-03 19:00 UTC by Daniel Bradshaw
Modified: 2014-03-03 19:20 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Bradshaw 2014-03-03 19:00:11 UTC
There is a buffer overflow in socket.recvfrom_into that permits arbitrary remote code execution.  There is also a known exploit published for this issue.
Given how trivial it is to exploit this from the network, as a completely unauthenticated party, the flaw is fairly critical.

Affected versions are reported as:
  Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1
So that's everything currently in the tree.

Could we have the appropriate package bumps pushed ASAP?

Upstream bug report:

Relevant CVE links:

Thanks in advance.

Reproducible: Always
Comment 1 Samuel Damashek (RETIRED) gentoo-dev 2014-03-03 19:03:33 UTC

*** This bug has been marked as a duplicate of bug 500518 ***
Comment 2 Daniel Bradshaw 2014-03-03 19:20:31 UTC
Apologies, I some how missed that bug when I did a search for existing bugs.