CVE-2005-2875
CVSS 7.5
Published: 2005-09-13 19:03:00
Modified: 2008-09-05 16:52:54

[Original] Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes.


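[CNNVD] Py2Play Python object arbitrary code execution vulnerability (CNNVD-200509-104)

        Py2Play is a game engine.
        Py2Play allows remote attackers to execute arbitrary Python code by supplying Python objects, which Py2Play recognizes and executes.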

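- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may lead to modification of system files]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2875
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2875
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200509-104
(Official data source) CNNVD

- Other links and resources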

https://bugs.gentoo.org/show_bug.cgi?id=103524
(VENDOR_ADVISORY)  CONFIRM  https://bugs.gentoo.org/show_bug.cgi?id=103524
http://soya.literati.org/
(VENDOR_ADVISORY)  MISC  http://soya.literati.org/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326976
(VENDOR_ADVISORY)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326976
http://www.securityfocus.com/bid/14864
(UNKNOWN)  BID  14864
http://www.gentoo.org/security/en/glsa/glsa-200509-09.xml
(UNKNOWN)  GENTOO  GLSA-200509-09
http://www.debian.org/security/2005/dsa-856
(UNKNOWN)  DEBIAN  DSA-856
http://secunia.com/advisories/17106
(UNKNOWN)  SECUNIA  17106
http://secunia.com/advisories/16855
(UNKNOWN)  SECUNIA  16855

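- Vulnerability information

Py2Play Python object arbitrary code execution vulnerability
High risk  Design error
2005-09-13 00:00:00 2005-10-20 00:00:00
Remote
        Py2Play is a game engine.
        Py2Play allows remote attackers to execute arbitrary Python code by supplying Python objects, which Py2Play recognizes and executes.

- Advisories and patches

        No data available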

- Vulnerability information (F40560)

Debian Linux Security Advisory 856-1 (PacketStormID:F40560)
2005-10-11 00:00:00
Debian  security.debian.org
advisory,arbitrary
linux,debian
CVE-2005-2875

Debian Security Advisory DSA 856-1 - Arc Riley discovered that py2play, a peer-to-peer network game engine, is able to execute arbitrary code received from the p2p game network it is connected to without any security checks.

--------------------------------------------------------------------------
Debian Security Advisory DSA 856-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 10th, 2005                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : py2play
Vulnerability  : design error
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2875
Debian Bug     : 326976

Arc Riley discovered that py2play, a peer-to-peer network game engine,
is able to execute arbitrary code received from the p2p game network
it is connected to without any security checks.

The old stable distribution (woody) does not contain py2play packages.

For the stable distribution (sarge) this problem has been fixed in
version 0.1.7-1sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.1.8-1.

We recommend that you upgrade your py2play package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/py2play/py2play_0.1.7-1sarge1.dsc
      Size/MD5 checksum:      620 af7d893aef3a30d5f4d1213904a4b6bc
    http://security.debian.org/pool/updates/main/p/py2play/py2play_0.1.7-1sarge1.diff.gz
      Size/MD5 checksum:     4279 f67056e4ede259e691e2ebf1af49a148
    http://security.debian.org/pool/updates/main/p/py2play/py2play_0.1.7.orig.tar.gz
      Size/MD5 checksum:    21426 8cdd904928b6d410b35041206e56a5de

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/py2play/python-2play_0.1.7-1sarge1_all.deb
      Size/MD5 checksum:    16430 2bc3056f9fa5ece5621d2c9b98c0aca6


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


- Vulnerability information (F40159)

Gentoo Linux Security Advisory 200509-9 (PacketStormID:F40159)
2005-09-22 00:00:00
Gentoo  security.gentoo.org
advisory,python
linux,gentoo
CVE-2005-2875

Gentoo Linux Security Advisory GLSA 200509-09 - Arc Riley discovered that Py2Play uses Python pickles to send objects over a peer-to-peer game network, and that clients accept without restriction the objects and code sent by peers. Versions less than or equal to 0.1.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200509-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Py2Play: Remote execution of arbitrary Python code
      Date: September 17, 2005
      Bugs: #103524
        ID: 200509-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A design error in Py2Play allows attackers to execute arbitrary code.

Background
==========

Py2Play is a peer-to-peer network game engine written in Python.
Pickling is a Python feature allowing to serialize Python objects into
string representations (called pickles) that can be sent over the
network.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  dev-python/py2play      <= 0.1.7                      Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.

Description
===========

Arc Riley discovered that Py2Play uses Python pickles to send objects
over a peer-to-peer game network, and that clients accept without
restriction the objects and code sent by peers.

Impact
======

A remote attacker participating in a Py2Play-powered game can send
malicious Python pickles, resulting in the execution of arbitrary
Python code on the targeted game client.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

The Py2Play package has been hard-masked prior to complete removal from
Portage, and current users are advised to unmerge the package:

    # emerge --unmerge  dev-python/py2play

References
==========

  [ 1 ] CAN-2005-2875
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2875

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200509-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- Vulnerability information

19431
Py2Play Pickled Object Arbitrary Python Code Execution
Loss of Integrity
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-09-06 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Py2Play Object Unpickling Remote Python Code Execution Vulnerability
Design Error 14864
Yes No
2005-09-17 12:00:00 2006-09-07 03:33:00
Discovery is credited to Arc Riley.

- Affected program versions

Py2Play Py2Play 0.1.7
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Gentoo Linux

- Vulnerability discussion

Py2Play is prone to a vulnerability that may let remote attackers execute arbitrary Python code in the context of the program.

Remote peers may exploit this issue.

- Exploit

An exploit is not required.

- Solution

The vendor has released version 0.1.8 to address this issue. Please see the references and associated advisories for more information.


Py2Play Py2Play 0.1.7
