In association with heise online

08 October 2006, 20:50

A bug in Python permits execution of arbitrary code

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The scripting language Python has a security problem relating to string handling. According to a security notice from Ubuntu, if UTF-32/UCS-4 coded strings are passed to the repr() function, it is possible to infiltrate code and to execute this code with the privileges of the Python application. An attacker could, in certain circumstances, gain control of a web server which uses Python scripts. In most cases, however, the Python application would merely crash.

Versions 2.3 and 2.4 are affected. No official patch is yet available, but upgrading to Python 2.5 will remedy the problem. Packages with bug free versions of 2.3 and 2.4 have already been released by Ubuntu. Other Linux distributions should soon follow suit.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit