[docs] Potential vulnerabilities in python (2.7.8)
Hádrian R
romerox.adrian at gmail.com
Wed Aug 13 00:55:10 CEST 2014
Hi, I'm Hádrien Romero Soria - @Kaiwaiata. I am a 16 year old boy,
passionate about computer security. I have spent more than 2h searching
and finding various possible vulnerabilities in the source code of Python.
I will tell you some vulnerabilities now; if they treat me well I will tell
the others.
Foolish or important things?
# Unsafe use of strcpy():
python.tar\python-2.7.8\modules\zipimport.c
line 83: strcpy(buf, path);
python.tar\python-2.7.8\modules\zipimport.c
line 437: strcpy(buf, path);
python.tar\python-2.7.8\modules\zipimport.c
line 704: strcpy(path, archive);
# If an attacker manages to take control of 'buf, path, archive', they may
cause a buffer overflow. Probably, if it were directed toward
.bss, it's not too dangerous, but it is a vulnerability.
I hope for an answer, thanks a lot!
HádrienR - kaiwaiata.
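
Added example, not part of the original message and not CPython code: when triaging a reported strcpy() into a fixed-size path buffer, the thing to look for is a length check against the destination size before the copy. The sketch below shows that guard in isolation; the names copy_path_checked and PATH_BUF_SIZE, the buffer size and the sample strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATH_BUF_SIZE 16  /* assumed small size so the boundary cases are easy to follow */

/* Hypothetical helper: copy src into dst (capacity dstsize, NUL included).
 * Returns 0 on success, -1 if an argument is invalid or src does not fit.
 * On failure dst is left as an empty string: a silently truncated path
 * could name a different file, so the input is rejected instead. */
int copy_path_checked(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;

    len = strlen(src);
    if (len >= dstsize)          /* no room for len bytes plus the NUL */
        return -1;

    memcpy(dst, src, len + 1);   /* length already validated; copies the NUL too */
    return 0;
}

int main(void)
{
    /* Constructed inputs: a short path, one that fits exactly (15 chars + NUL),
     * and one that is a single byte too long (16 chars). */
    const char *samples[] = { "lib/site.zip", "0123456789abcde", "0123456789abcdef" };
    char buf[PATH_BUF_SIZE];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = copy_path_checked(buf, sizeof buf, samples[i]);
        printf("%-18s len=%2zu -> %s\n", samples[i], strlen(samples[i]),
               rc == 0 ? "copied" : "rejected");
    }
    return 0;
}
```

A bare strcpy(buf, path) is only safe when a check equivalent to `len >= dstsize` is guaranteed to have run on the same string first, so each reported line has to be read together with the code that precedes it.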