Python SimpleXMLRPCServer Library Module Unauthorized Access Vulnerability

BID:12437

Info

Python SimpleXMLRPCServer Library Module Unauthorized Access Vulnerability

Bugtraq ID: 12437
Class: Access Validation Error
CVE: CVE-2005-0089
Remote: Yes
Local: No
Published: Feb 03 2005 12:00AM
Updated: Jul 12 2009 10:06AM
Credit: The Python development team is responsible for the discovery of this issue.
Vulnerable: Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
SuSE Linux 8.1
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux 8.0
Slackware Linux -current
SGI ProPack 3.0
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3.4
+ Mandriva Linux Mandrake 10.1 x86_64
 + Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2 x86_64
 + S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
 + Ubuntu Ubuntu Linux 4.1 ia64
 + Ubuntu Ubuntu Linux 4.1 ia32
 Python Software Foundation Python 2.3.3
+ MandrakeSoft Corporate Server 3.0 x86_64
 + MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
 + Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
 + Mandriva Linux Mandrake 9.2
+ S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.3.2
Python Software Foundation Python 2.3.1
Python Software Foundation Python 2.3 b1
Python Software Foundation Python 2.3
+ S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.2.3
+ Redhat Desktop 3.0
+ Redhat Enterprise Linux AS 3
 + Redhat Enterprise Linux ES 3
 + Redhat Enterprise Linux WS 3
 + Ubuntu Ubuntu Linux 4.1 ppc
 + Ubuntu Ubuntu Linux 4.1 ia64
 + Ubuntu Ubuntu Linux 4.1 ia32
 Python Software Foundation Python 2.2.2
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.2
+ Redhat Linux 7.3
+ Redhat Linux 7.3
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. Linux Personal 8.2
Python Software Foundation Python 2.2.1
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
+ Gentoo Linux 1.4 _rc1
 + Gentoo Linux 1.2
+ MandrakeSoft Corporate Server 2.1 x86_64
 + MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ SuSE Linux 8.1
Python Software Foundation Python 2.2
+ Mandriva Linux Mandrake 8.2 ppc
 + Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
 + Mandriva Linux Mandrake 8.1
Gentoo Linux
Not Vulnerable: Python Software Foundation Python 2.4.1
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3.5

Discussion

Python SimpleXMLRPCServer Library Module Unauthorized Access Vulnerability

A remote unauthorized access vulnerability affects Python. This issue is due to a failure of the API to properly secure access to sensitive internal data or functionality of registered objects and modules.

A remote attacker may leverage this issue to gain unauthorized access to an affected computer. Other attacks are also possible.

Exploit / POC

Python SimpleXMLRPCServer Library Module Unauthorized Access Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Python SimpleXMLRPCServer Library Module Unauthorized Access Vulnerability

Solution:
The vendor has reported that this issue will be resolved with the pending release of Python versions 2.3.5 and 2.4.1. The vendor has provided the following patches for immediate relief.

Slackware Linux has released advisory SSA:2005-111-02 along with fixes dealing with this issue. Please see the referenced advisory for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:005) that contains information regarding the availability of fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Ubuntu linux has released advisory USN-73-1 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Debian has released advisory DSA 666-1 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Gentoo Linux has released advisory GLSA 200502-09 dealing with this
issue. All Python users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose dev-lang/python

Mandrake has released advisory MDKSA-2005:035 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Trustix has released advisory TSLSA-2005-0003 to address various issues in multiple products. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2005:109-04 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

SuSE Linux has released updates dealing with these issues. Please see the web references for more information.

SGI has released advisory 20050207-01-U including Patch 10144 that contains updated SGI ProPack 3 Service Pack 4 RPMs for the SGI Altix products. This patch addresses various issues. Please see the referenced advisory for more information.


Python Software Foundation Python 2.2

Python Software Foundation Python 2.2.1

Python Software Foundation Python 2.2.2

Python Software Foundation Python 2.2.3

Python Software Foundation Python 2.3

Python Software Foundation Python 2.3.1

Python Software Foundation Python 2.3.2

Python Software Foundation Python 2.3.3

Python Software Foundation Python 2.3.4

Python Software Foundation Python 2.4

SGI ProPack 3.0

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report