PT-2005-1198 · Python+1 · Simplexmlrpcserver+2
Guido Van Rossum · Published 2005-02-06 · Updated 2023-08-02 · CVE-2005-0089
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Python versions 2.2, 2.3 before 2.3.5, and 2.4
Description
The issue allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes, when the SimpleXMLRPCServer library module is used by XML-RPC servers that register an object without a dispatch method.
Recommendations
For Python version 2.2, update to a version with the necessary security fixes.
For Python version 2.3 before 2.3.5, update to version 2.3.5 or later.
For Python version 2.4, consider not using register_instance() with an object that lacks a _dispatch method until a patch is available.
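The dotted-attribute behaviour described above and the _dispatch mitigation, shown side by side as an added example (not code from this advisory or from the Python project). It assumes Python 3's xmlrpc.server, the successor of SimpleXMLRPCServer, where register_instance() takes an allow_dotted_names flag; the Audit, Service and AllowlistedService classes, the call() helper and the sample data are hypothetical.

```python
from xmlrpc.server import SimpleXMLRPCDispatcher


class Audit:
    """Internal helper that was never meant to be part of the RPC API."""

    def dump(self):
        return "internal audit data"  # constructed sample value


class Service:
    """Constructed sample service registered WITHOUT a _dispatch method."""

    def __init__(self):
        # Reachable as "audit.dump" whenever dotted names are resolved.
        self.audit = Audit()

    def add(self, a, b):
        return a + b


class AllowlistedService(Service):
    """Same service with an explicit _dispatch method (the mitigation)."""

    EXPORTED = frozenset({"add"})

    def _dispatch(self, method, params):
        # Only names listed in EXPORTED are callable; no attribute walking.
        if method not in self.EXPORTED:
            raise Exception('method "%s" is not supported' % method)
        return getattr(self, method)(*params)


def call(instance, method, params, allow_dotted_names=False):
    """Dispatch one call in-process (no sockets); return (ok, result_or_error)."""
    dispatcher = SimpleXMLRPCDispatcher()
    dispatcher.register_instance(instance, allow_dotted_names=allow_dotted_names)
    try:
        return True, dispatcher._dispatch(method, params)
    except Exception as exc:
        return False, str(exc)


if __name__ == "__main__":
    print(call(Service(), "audit.dump", ()))                                   # default: rejected
    print(call(Service(), "audit.dump", (), allow_dotted_names=True))          # legacy behaviour
    print(call(AllowlistedService(), "audit.dump", (), allow_dotted_names=True))  # rejected
```

A quick audit check for existing servers is to search for register_instance calls that pass allow_dotted_names=True on objects with no _dispatch method.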
Affected Products
Python
Red Hat
Simplexmlrpcserver