安全研究
安全漏洞
Python SimpleXMLRPCServer模块安全漏洞
发布日期:2005-02-03
更新日期:2005-02-04
受影响系统:
Ubuntu Ubuntu 4.10描述:
Python python 2.3
Python python 2.2
CVE(CAN) ID: CVE-2005-0089
Python是一种开放源代码的强大功能的脚本编程语言。
Python的SimpleXMLRPCServer模块存在缺陷,远程攻击者可以利用这个漏洞访问和更改函数内部。
Python XML-RPC服务程序使用register_instance()方法注册一个对象,没有使用_dispatch()方法,允许远程用户使用im_*和func_*属性访问或更改函数内部。如果注册的对象是个模块,如是OS模块,攻击者就可以调用os.system()函数来执行任意命令。
<*来源:Martin Pitt (martin.pitt@canonical.com)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110747149105500&w=2
*>
建议:
厂商补丁:
Ubuntu
------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2_2.2.3-10ubuntu0.1.diff.gz
Size/MD5: 1927781 2df9c99747532348619bbb8d8d5f3996
http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2_2.2.3-10ubuntu0.1.dsc
Size/MD5: 1184 3e1c5d029c99987852bad718712dcf76
http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2_2.2.3.orig.tar.gz
Size/MD5: 6711816 c23fbe6a0cdf800734f5813b9f7cb1d0
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.4-2ubuntu0.1.diff.gz
Size/MD5: 2284380 04304bcdf030e24976fa4f846b754aa8
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.4-2ubuntu0.1.dsc
Size/MD5: 1141 28c897b1a2c44ee9eb72cc30177f8697
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.4.orig.tar.gz
Size/MD5: 8502596 d68a6a490c04b2c8f664ba4f2192e2fb
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/idle-python2.2_2.2.3-10ubuntu0.1_all.deb
Size/MD5: 116018 b4ab3787a4c6b4025a9ae70393990b45
http://security.ubuntu.com/ubuntu/pool/universe/p/python2.3/idle-python2.3_2.3.4-2ubuntu0.1_all.deb
Size/MD5: 228350 07375ecb2762227776cd700429d8531c
http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-doc_2.2.3-10ubuntu0.1_all.deb
Size/MD5: 2268242 a572cf6409ca4a82721952ae7d36529d
http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-examples_2.2.3-10ubuntu0.1_all.deb
Size/MD5: 479006 cdf96d86449bdbd72ef25e5830a9a8fe
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-doc_2.3.4-2ubuntu0.1_all.deb
Size/MD5: 2816894 91930107a10bb529d3cba16312457d76
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-examples_2.3.4-2ubuntu0.1_all.deb
Size/MD5: 507732 2daf5ccaec4f6b967223b09b15f85197
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2-dev_2.2.3-10ubuntu0.1_amd64.deb
Size/MD5: 1402344 a1d36ff39d0fb0cf2a05b22175f3083f
http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-gdbm_2.2.3-10ubuntu0.1_amd64.deb
Size/MD5: 20138 e771840c7881423e226d0fb37a2e1a1e
http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-mpz_2.2.3-10ubuntu0.1_amd64.deb
Size/MD5: 24932 a71d0c4e6301b330b62edc73865300ae
http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2-tk_2.2.3-10ubuntu0.1_amd64.deb
Size/MD5: 96092 606bcccac218c73b3f86658cb4ba4750
http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-xmlbase_2.2.3-10ubuntu0.1_amd64.deb
Size/MD5: 54902 a030a68171c6fc6591a9e8af1ed1c31b
http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2_2.2.3-10ubuntu0.1_amd64.deb
Size/MD5: 2240692 59cb63acc72ee9b6b93f786555f6343f
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-dev_2.3.4-2ubuntu0.1_amd64.deb
Size/MD5: 1747592 a9c0dd251682fb7101ebfcad03d1d114
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-gdbm_2.3.4-2ubuntu0.1_amd64.deb
Size/MD5: 22300 5cc5444cf4c6361e7f2bb7970a53dad2
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-mpz_2.3.4-2ubuntu0.1_amd64.deb
Size/MD5: 27138 f362a0c22d0ebeb4f82910ce8fad2206
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-tk_2.3.4-2ubuntu0.1_amd64.deb
Size/MD5: 104686 ce82ad1e4225e88a9d442e86e3df1cbd
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.4-2ubuntu0.1_amd64.deb
Size/MD5: 2868960 2eb165d9c2654606c26cf2f8e195b638
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2-dev_2.2.3-10ubuntu0.1_i386.deb
Size/MD5: 1272072 875cdbb06f99e8a47e3c101e15663c8a
http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-gdbm_2.2.3-10ubuntu0.1_i386.deb
Size/MD5: 19798 d77efa2115ebe5865ea364851469a829
http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-mpz_2.2.3-10ubuntu0.1_i386.deb
Size/MD5: 23686 45e1ed9fd53a647d917537c10c7a46d6
http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2-tk_2.2.3-10ubuntu0.1_i386.deb
Size/MD5: 93364 389380de54da2d08c7b04c1aa4c95677
http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-xmlbase_2.2.3-10ubuntu0.1_i386.deb
Size/MD5: 53162 90aaed4f73b488ada5cd06986d226614
http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2_2.2.3-10ubuntu0.1_i386.deb
Size/MD5: 2114526 47c6ae1fece9dc560b1e8936e79df43e
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-dev_2.3.4-2ubuntu0.1_i386.deb
Size/MD5: 1601264 7abd99ff94b75c7afd6c1588215293de
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-gdbm_2.3.4-2ubuntu0.1_i386.deb
Size/MD5: 21950 9b9dde52eabbc8814c1e3afa2704473f
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-mpz_2.3.4-2ubuntu0.1_i386.deb
Size/MD5: 25828 e784462eff29ce1e01bfe752868abd27
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-tk_2.3.4-2ubuntu0.1_i386.deb
Size/MD5: 102082 dcdfa6a516d8d304f61d545004ddd966
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.4-2ubuntu0.1_i386.deb
Size/MD5: 2709818 3cb0d2298cd5f16cc788a605030cb443
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2-dev_2.2.3-10ubuntu0.1_powerpc.deb
Size/MD5: 1503152 4256f400ee60f9742b126b0e1b3a7632
http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-gdbm_2.2.3-10ubuntu0.1_powerpc.deb
Size/MD5: 21666 6ee9aba13aeeaa94241a8c3374845cf1
http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-mpz_2.2.3-10ubuntu0.1_powerpc.deb
Size/MD5: 26042 6379c3913926b334540a7242375d0941
http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2-tk_2.2.3-10ubuntu0.1_powerpc.deb
Size/MD5: 96722 cb91d46072de61a5ada927174302ffe9
http://security.ubuntu.com/ubuntu/pool/universe/p/python2.2/python2.2-xmlbase_2.2.3-10ubuntu0.1_powerpc.deb
Size/MD5: 55926 8cc515a6cf422176e742308f084d3f19
http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2_2.2.3-10ubuntu0.1_powerpc.deb
Size/MD5: 2358186 d741cf48639a380c1a2b0e403d5ed8d6
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-dev_2.3.4-2ubuntu0.1_powerpc.deb
Size/MD5: 1863678 57357eb08927011b1cd7d380ff95bdf5
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-gdbm_2.3.4-2ubuntu0.1_powerpc.deb
Size/MD5: 23732 b5c6ce94233cd2ec0766f2719f398cc8
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-mpz_2.3.4-2ubuntu0.1_powerpc.deb
Size/MD5: 28194 d177c4e8a8f4a939978720e52a70f46b
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3-tk_2.3.4-2ubuntu0.1_powerpc.deb
Size/MD5: 105318 344134e35b32ee6943a77e4e11dd4d05
http://security.ubuntu.com/ubuntu/pool/main/p/python2.3/python2.3_2.3.4-2ubuntu0.1_powerpc.deb
Size/MD5: 3024388 852ffcf5cfd7fcf2f1f65121f58dced9
浏览次数:3558
严重程度:0(网友投票)
绿盟科技给您安全的保障