In association with heise online

11 April 2008, 11:35

Buffer overflow in Python (de)compression module

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A hole in the zlib (de)compression module under Python is said to allow attackers to gain control of a system. According to reports the flaw is located in a function (flush) for deleting a decompression stream in which the amount of data to be deleted can be determined via a parameter. However, parameter values are not verified. A buffer overflow can be caused by submitting a negative value, allowing code to be injected and executed. A compromised application may also just crash.

Although the security hole is classified as critical by Justin Ferguson from IOActive who found the bug, his report doesn't give clear details about how the vulnerability can be triggered remotely. While the zlib module processes compression and decompression related user input, it is unlikely that the deletion parameter submitted to the compromised flush() method will be derived from user input to a web application.

The flaw was detected in Python version 2.5.2, but other versions are also likely to be affected. The developers of Python have already fixed the problem in the subversion repository.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit