Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 80597 - dev-lang/python XML-RPC security issue
Summary: dev-lang/python XML-RPC security issue
Status: RESOLVED DUPLICATE of bug 80592
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Depends on:
Reported: 2005-02-03 09:05 UTC by Marco Morales
Modified: 2005-07-17 13:06 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Marco Morales 2005-02-03 09:05:44 UTC
Ubuntu Security Notice USN-73-1           February 03, 2005
python2.2, python2.3 vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to
version 2.2.3-10ubuntu0.1 (python2.2) and 2.3.4-2ubuntu0.1
(python2.3). After a standard system upgrade you must restart all
running Python server applications that use XML-RPC to effect the
necessary changes.

Details follow:

The Python developers discovered a flaw in the SimpleXMLRPCServer
module. Python XML-RPC servers that used the register_instance()
method to register an object, but do not have a _dispatch() method,
allowed remote users to access or change function internals using the
im_* and func_* attributes.

Reproducible: Always
Steps to Reproduce:
Comment 1 Jean-François Brunette (RETIRED) gentoo-dev 2005-02-03 09:09:57 UTC
it has already been submited
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-02-08 11:39:46 UTC

*** This bug has been marked as a duplicate of 80592 ***