Python SimpleXMLRPCServer Module Security Vulnerability

Published: 2005-02-03
Updated: 2005-02-04

Affected systems:
Ubuntu Ubuntu 4.10
Python python 2.3
Python python 2.2
Description:
CVE(CAN) ID: CVE-2005-0089

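Python is a powerful open-source scripting language.

The SimpleXMLRPCServer module in Python contains a flaw that remote attackers can exploit to access and modify function internals.

A Python XML-RPC server that registers an object with the register_instance() method, where that object does not provide a _dispatch() method, allows remote users to access or modify function internals through the im_* and func_* attributes. If the registered object is a module, for example the os module, an attacker can call os.system() to execute arbitrary commands.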

<*Source: Martin Pitt (martin.pitt@canonical.com)
  
  Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110747149105500&w=2
*>
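
The role of _dispatch() described above, as an added example that is not part of the original advisory or of Python's own code: it runs constructed requests through the standard library dispatcher (xmlrpc.server, the Python 3 successor of SimpleXMLRPCServer) against a service registered with and without an allowlisting _dispatch(). The names Calculator, AllowlistedCalculator, reload_config, PROBES and audit are hypothetical.

```python
from xmlrpc.server import SimpleXMLRPCDispatcher


class Calculator:
    """Constructed sample service with no _dispatch(): every public method is exposed."""

    def add(self, a, b):
        return a + b

    def reload_config(self):
        # Internal helper that was never meant to be remotely callable.
        return "reloaded"


class AllowlistedCalculator(Calculator):
    """Same service, but _dispatch() decides what a request may reach."""

    EXPOSED = frozenset({"add"})

    def _dispatch(self, method, params):
        # Exact-match allowlist: the caller's string never drives getattr()
        # traversal, so dotted names and im_*/func_* attributes cannot resolve.
        if method not in self.EXPOSED:
            raise Exception('method "%s" is not supported' % method)
        return getattr(self, method)(*params)


# Constructed requests: one legitimate call, one internal method, and attribute
# names of the kind the advisory describes (Python 2 and Python 3 spellings).
PROBES = [
    ("add", (2, 3)),
    ("reload_config", ()),
    ("add.im_func", ()),
    ("add.__func__", ()),
]


def audit(instance):
    """Dispatch each probe the way the server would; report which ones resolve."""
    dispatcher = SimpleXMLRPCDispatcher()
    dispatcher.register_instance(instance)  # allow_dotted_names defaults to False
    report = {}
    for method, params in PROBES:
        try:
            dispatcher._dispatch(method, params)
            report[method] = "reachable"
        except Exception:
            report[method] = "rejected"
    return report
```

On a current interpreter the dotted names are rejected in both cases, but the instance without _dispatch() still exposes reload_config; only the allowlist limits the remote surface to the intended method.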

Recommendations:
Vendor patch:

Ubuntu
------
The vendor has released updated packages that fix this security issue. Download them from the vendor's site.

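This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.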