[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module

To: "Andrew Farmer" <andfarm@xxxxxxxxx>
Subject: Re: [Full-disclosure] python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module
From: "Slythers Bro" <slythers@xxxxxxxxx>
Date: Sun, 16 Sep 2007 16:14:40 +0200

yeah that's right.

Maybe the real question is, if they don't know how secure an int overflow in
imageop module, maybe other modules are vulns too.
I think nobody really take the time to audit python source code, when i
found the vuln in ten minutes just for proof to a friend that's python isn't
more secure than php.
The python' source code look like old. So old == potential vulns

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module
  - From: Slythers Bro
- Re: [Full-disclosure] python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module
  - From: Andrew Farmer

Prev by Date: Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API
Next by Date: Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API
Previous by thread: Re: [Full-disclosure] python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module
Next by thread: [Full-disclosure] rPSA-2007-0184-1 samba samba-swat
Index(es):
- Date
- Thread