OT: What's up with the starship?

Shane Hathaway shane at hathawaymix.org
Mon Oct 16 15:06:51 EDT 2006


Fredrik Lundh wrote:
> rurpy at yahoo.com wrote:
> 
>> Then perhaps you or he could explain it to us less intelligent
>> people in very simple terms?
> 
> the security advisory explains that the cause of the problem is a bug
> in the source code used to implement repr() for 32-bit Unicode strings, 
> on all Python versions from 2.2 and onwards.
> 
> Python 2.2 was released in 2001.

So, are we to infer that Starship was running Python 2.1 or earlier at
the time the server was compromised?  Otherwise I missed your point, sorry.

The vulnerability described by PSF-2006-001 could easily lead to server
compromises.  AFAIK, most Linux distributions enable UCS-4 by default,
and they have done so for years.  To compromise a server using the
PSF-2006-001 vulnerability, an intruder just needs to find a Python CGI
script running on that server that converts some bad input to unicode,
then cause that script to raise an error while processing the request
containing the bad input.  There's a good chance the script will log an
error with the repr() of the bad input, allowing the intruder to mess
with the stack.  If the server is running a distribution-supplied build
of Python, the intruder may be able to inject arbitrary code.

I don't know if this concern applies to Starship specifically, but it
seems to apply to thousands of web sites running Python CGIs and Python
web servers.

Shane
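
An added example, not part of the original post and not code from the Python project: a small audit script for the pattern the message above describes, error handlers that log the repr() of request input. The sample handler and the name `find_repr_in_handlers` are constructed for illustration, and the check is a heuristic that flags `repr()` calls and `%r` format strings inside `except` blocks.

```python
import ast

# Constructed sample CGI-style handler (not from the original post).
SAMPLE = '''
import logging

def handle(form):
    name = form.getvalue("name")
    try:
        process(unicode(name, "utf-8"))
    except Exception:
        logging.error("bad input: %r", name)
        logging.error("bad input: " + repr(name))
        logging.error("request failed")
'''


def find_repr_in_handlers(source):
    """Return sorted (line, reason) pairs for repr()/%r inside except blocks."""
    hits = set()
    for handler in ast.walk(ast.parse(source)):
        if not isinstance(handler, ast.ExceptHandler):
            continue
        # Walk everything nested under the except clause.
        for node in ast.walk(handler):
            if (isinstance(node, ast.Call)
                    and isinstance(node.func, ast.Name)
                    and node.func.id == "repr"):
                hits.add((node.lineno, "repr() call"))
            elif (isinstance(node, ast.Constant)
                    and isinstance(node.value, str)
                    and "%r" in node.value):
                # %r formatting calls repr() on its argument.
                hits.add((node.lineno, "%r format"))
    return sorted(hits)


if __name__ == "__main__":
    for line, reason in find_repr_in_handlers(SAMPLE):
        print("line %d: %s in error handler" % (line, reason))
```

Each hit is a place to review whether the value being formatted can carry untrusted request data.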


