[Stackless] Stackless to address multiple buffer overflow vulnerability?

David E. Sallis David.Sallis at noaa.gov
Fri Aug 15 18:52:09 CEST 2008


Guy Hulbert said the following on 8/15/2008 11:36 AM:
 > This is an old problem.
 > http://www.python.org/files/news/security/PSF-2006-001/PSF-2006-001.txt

I must respectfully disagree.  Did you read the bulletin I referenced?  CVE-2008-2315, for one, was published in late July 2008.  It 
states in part:

"Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors 
related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) 
gcmodule, and (8) mmapmodule modules."

This is *not* an old problem.

-- 
David E. Sallis, Software Architect
General Dynamics Information Technology
NOAA Coastal Data Development Center
Stennis Space Center, Mississippi
228.688.3805
david.sallis at gdit.com
david.sallis at noaa.gov
--------------------------------------------
"Better Living Through Software Engineering"
--------------------------------------------




More information about the Stackless mailing list