Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2014-374

Related Vulnerabilities: CVE-2014-4616  

It was <a href="http://bugs.python.org/issue21529"</a>reported</a> that Python built-in _json module have a flaw (insufficient bounds checking), which allows a local user to read current process' arbitrary memory. Quoting the upstream bug report: <i>The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index. The bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory.</i>

Source

ALAS-2014-374

Amazon Linux AMI Security Advisory: ALAS-2014-374
Advisory Release Date: 2014-07-09 16:51 Pacific
Advisory Updated Date: 2014-09-19 10:47 Pacific
Severity: Low
References: CVE-2014-4616 
Issue Overview:

It was <a href="http://bugs.python.org/issue21529"</a>reported</a> that Python built-in _json module have a flaw (insufficient bounds checking), which allows a local user to read current process' arbitrary memory.

Quoting the upstream bug report:

<i>The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index.

The bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory.</i>


Affected Packages:

python-simplejson


Issue Correction:
Run yum update python-simplejson to update your system.

New Packages:
i686:
    python-simplejson-debuginfo-3.5.3-1.7.amzn1.i686
    python-simplejson-3.5.3-1.7.amzn1.i686

src:
    python-simplejson-3.5.3-1.7.amzn1.src

x86_64:
    python-simplejson-debuginfo-3.5.3-1.7.amzn1.x86_64
    python-simplejson-3.5.3-1.7.amzn1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started