CVE-2005-0089

Published: 2/6/2005 Last updated: 8/7/2024 Reserved: 1/18/2005

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (7)

conf-python-2-7 conf-python-2-7-dev conf-python-3 conf-python-3-7 conf-python-3-dev py termbox

Products affected (1)

Product	Vendor	Version
n/a	n/a	< 10.0.19042.1466

References (24)

http://www.redhat.com/support/errata/RHSA-2005-108.html
http://securitytracker.com/id?1013083
https://exchange.xforce.ibmcloud.com/vulnerabilities/19217
http://www.python.org/security/PSF-2005-001/
http://marc.info/?l=bugtraq&m=110746469728728&w=2
http://www.trustix.org/errata/2005/0003/
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:9811
http://www.securityfocus.com/bid/12437
http://secunia.com/advisories/14128
http://www.debian.org/security/2005/dsa-666
http://python.org/security/PSF-2005-001/patch-2.2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2005:035
http://www.redhat.com/support/errata/RHSA-2005-108.html
http://securitytracker.com/id?1013083
https://exchange.xforce.ibmcloud.com/vulnerabilities/19217
http://www.python.org/security/PSF-2005-001/
http://marc.info/?l=bugtraq&m=110746469728728&w=2
http://www.trustix.org/errata/2005/0003/
https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:9811
http://www.securityfocus.com/bid/12437
http://secunia.com/advisories/14128
http://www.debian.org/security/2005/dsa-666
http://python.org/security/PSF-2005-001/patch-2.2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2005:035