CVE-2005-0089

Current Description

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.

Basic Data

Published: May 02, 2005
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
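    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Python Software Foundation | Python | 2.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Python Software Foundation | Python | 2.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Python Software Foundation | Python | 2.3.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Python Software Foundation | Python | 2.3.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Python Software Foundation | Python | 2.3.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Python Software Foundation | Python | 2.3.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Python Software Foundation | Python | 2.4 | * | * | * | * | * | * | * | | | | |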

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Python Software Foundation | Python | 2.2, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 20050203 Python Security Advisory PSF-2005-001 - SimpleXMLRPCServer.py | BUGTRAQ | http://marc.info/?l=bugtraq&m=110746469728728&w=2 | |
| http://python.org/security/PSF-2005-001/patch-2.2.txt | CONFIRM | http://python.org/security/PSF-2005-001/patch-2.2.txt | Patch |
| 14128 | SECUNIA | http://secunia.com/advisories/14128 | |
| 1013083 | SECTRACK | http://securitytracker.com/id?1013083 | |
| DSA-666 | DEBIAN | http://www.debian.org/security/2005/dsa-666 | Patch |
| MDKSA-2005:035 | MANDRAKE | http://www.mandriva.com/security/advisories?name=MDKSA-2005:035 | |
| http://www.python.org/security/PSF-2005-001/ | CONFIRM | http://www.python.org/security/PSF-2005-001/ | Patch |
| RHSA-2005:108 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-108.html | |
| 12437 | BID | http://www.securityfocus.com/bid/12437 | |
| 2005-0003 | TRUSTIX | http://www.trustix.org/errata/2005/0003/ | |
| python-simplexmlrpcserver-bypass(19217) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/19217 | |
| oval:org.mitre.oval:def:9811 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9811 | |