CVE-2005-0089

NameCVE-2005-0089
DescriptionThe SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-666-1
NVD severityhigh (attack range: remote)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python2.2source(unstable)2.2.3-14high
python2.2sourcewoody2.2.1-4.7highDSA-666-1
python2.3source(unstable)2.3.4+2.3.5c1-2high
python2.4source(unstable)2.4-5high

Search for package or bug name: Reporting problems