1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Python Vulnerbilities/Updates

Discussion in 'Software Development' started by eddie5659, Feb 5, 2005.

Thread Status:
Not open for further replies.
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Mar 19, 2001

    The Python development team has discovered a flaw in the
    SimpleXMLRPCServer library module which can give remote attackers
    access to internals of the registered object or its module or possibly
    other modules. The flaw only affects Python XML-RPC servers that use
    the register_instance() method to register an object without a
    _dispatch() method. Servers using only register_function() are not

    On vulnerable XML-RPC servers, a remote attacker may be able to view
    or modify globals of the module(s) containing the registered
    instance's class(es), potentially leading to data loss or arbitrary
    code execution. If the registered object is a module, the danger is
    particularly serious. For example, if the registered module imports
    the os module, an attacker could invoke the os.system() function.

    Versions: 2.2 all versions, 2.3 prior to 2.3.5, 2.4

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/327095

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice