Bug 898572 (CVE-2014-7185) - VUL-0: CVE-2014-7185: python: potential buffer overflow
Summary: VUL-0: CVE-2014-7185: python: potential buffer overflow
Status: RESOLVED FIXED
Alias: CVE-2014-7185
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P2 - High : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/108521/
Whiteboard: CVSSv3.1:SUSE:CVE-2013-1752:5.3:(AV:N...
Keywords: DSLA_REQUIRED, DSLA_SOLUTION_PROVIDED
Depends on:
Blocks: 955182
  Show dependency treegraph
 
Reported: 2014-09-26 05:45 UTC by Marcus Meissner
Modified: 2020-06-30 19:12 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2014-09-26 05:45:17 UTC 
via oss-sec

Hello.

Python 2.7.8 fixes a potential wraparound in buffer() [1a & 1b] with
possible CWE-200 implications [2].

If not yet assigned, please consider a CVE designation for this issue.

Thanks.

--mancha

(Note: Though the request is for Python 2.7, vulnerable code appears to
exist in EOL'd versions 1.6.1 through 2.6.9 as well)

-------
 
[1a] Issue report: http://bugs.python.org/issue21831
[1b] Upstream fix:
https://hg.python.org/cpython/diff/8d963c7db507/Objects/bufferobject.c

[2]  PoC for Python 2.7:

--- overflow.py ---
import sys
a = bytearray('CVE request')
b = buffer(a, sys.maxsize, sys.maxsize)
print b[:8192]
-------------------
Comment 1 Marcus Meissner 2014-09-26 14:44:58 UTC 
these arguments seem very hard to influence by an attacker.

regardless of that people will just read "buffer overflow" and no further :(
Comment 2 SMASH SMASH 2014-09-26 15:00:12 UTC 
Affected packages:

SLE-10-SP3-TERADATA: python
SLE-11-SP3: python
SLE-11-SP3-PRODUCTS: python
SLE-11-SP3-UPTU: python
SLE-12: python
Comment 3 Bernhard Wiedemann 2014-10-02 14:00:22 UTC 
This is an autogenerated message for OBS integration:
This bug (898572) was mentioned in
https://build.opensuse.org/request/show/253635 Factory / python
Comment 6 Sebastian Krahmer 2014-10-06 08:49:41 UTC 
Given the low severity, do we really want SLE updates or is it
sufficient for Factory?
Comment 9 Jan Matejek 2014-11-04 19:16:46 UTC 
(In reply to Sebastian Krahmer from comment #6)
> Given the low severity, do we really want SLE updates or is it
> sufficient for Factory?

IMHO, this should be fixed at some point, but not urgently. We can wait for the next bugfix collection before releasing the update.

we probably don't need to fix openSUSE though

but that's not my call.
handing over to security, please ping me if we need more fixes
Comment 11 Swamp Workflow Management 2014-11-27 09:05:34 UTC 
SUSE-SU-2014:1511-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 898572
CVE References: CVE-2014-7185
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    python-base-2.7.7-5.2
SUSE Linux Enterprise Software Development Kit 12 (src):    python-base-2.7.7-5.2
SUSE Linux Enterprise Server 12 (src):    python-2.7.7-5.1, python-base-2.7.7-5.2, python-doc-2.7.7-5.1
SUSE Linux Enterprise Desktop 12 (src):    python-2.7.7-5.1, python-base-2.7.7-5.2
Comment 12 Swamp Workflow Management 2014-11-28 02:04:55 UTC 
SUSE-SU-2014:1518-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 898572,901715
CVE References: CVE-2014-7185
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    python-2.6.9-0.33.1, python-base-2.6.9-0.33.1, python-doc-2.6-8.33.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    python-2.6.9-0.33.1, python-base-2.6.9-0.33.1, python-doc-2.6-8.33.1
SUSE Linux Enterprise Server 11 SP3 (src):    python-2.6.9-0.33.1, python-base-2.6.9-0.33.1, python-doc-2.6-8.33.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    python-2.6.9-0.33.1, python-base-2.6.9-0.33.1
Comment 14 Marcus Meissner 2014-12-15 13:04:50 UTC 
released now
Comment 15 Swamp Workflow Management 2014-12-31 10:06:12 UTC 
openSUSE-SU-2014:1734-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 863741,884075,885882,898572,901715
CVE References: CVE-2014-1912,CVE-2014-4616,CVE-2014-4650,CVE-2014-7185
Sources used:
openSUSE Evergreen 11.4 (src):    python-2.7.3-52.1, python-base-2.7.3-52.1, python-doc-2.7-52.1
Comment 21 Swamp Workflow Management 2015-08-04 13:09:17 UTC 
SUSE-SU-2015:1344-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 898572,901715,924312,935856
CVE References: CVE-2013-1752,CVE-2013-1753,CVE-2014-4650,CVE-2014-7185
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    python-base-2.7.9-14.1
SUSE Linux Enterprise Software Development Kit 12 (src):    python-base-2.7.9-14.1
SUSE Linux Enterprise Server 12 (src):    python-2.7.9-14.1, python-base-2.7.9-14.1, python-doc-2.7.9-14.3
SUSE Linux Enterprise Desktop 12 (src):    python-2.7.9-14.1, python-base-2.7.9-14.1
Comment 22 Swamp Workflow Management 2020-01-24 20:20:07 UTC 
SUSE-SU-2020:0234-1: An update that solves 37 vulnerabilities and has 50 fixes is now available.

Category: security (important)
Bug References: 1027282,1041090,1042670,1068664,1073269,1073748,1078326,1078485,1079300,1081750,1083507,1084650,1086001,1088004,1088009,1109847,1111793,1113755,1122191,1129346,1130840,1130847,1138459,1141853,1149792,1149955,1153238,1153830,1159035,214983,298378,346490,367853,379534,380942,399190,406051,425138,426563,430761,432677,436966,437293,441088,462375,525295,534721,551715,572673,577032,581765,603255,617751,637176,638233,658604,673071,682554,697251,707667,718009,747125,747794,751718,754447,766778,794139,804978,827982,831442,834601,836739,856835,856836,857470,863741,885882,898572,901715,935856,945401,964182,984751,985177,985348,989523,997436
CVE References: CVE-2007-2052,CVE-2008-1721,CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3143,CVE-2008-3144,CVE-2011-1521,CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-1753,CVE-2013-4238,CVE-2014-1912,CVE-2014-4650,CVE-2014-7185,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-1000158,CVE-2017-18207,CVE-2018-1000030,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20852,CVE-2019-10160,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947,CVE-2019-9948
Sources used:
SUSE Linux Enterprise Module for Python2 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1, python-doc-2.7.17-7.32.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    python-2.7.17-7.32.2, python-doc-2.7.17-7.32.2
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    python-2.7.17-7.32.2
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    python-2.7.17-7.32.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    python-2.7.17-7.32.2, python-base-2.7.17-7.32.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.