project identifies the following problems:
CVE-2006-2662
Drew Yao discovered that multiple integer overflows in the string
processing code may lead to denial of service and potentially the
execution of arbitrary code.
CVE-2008-2663
Drew Yao discovered that multiple integer overflows in the string
project identifies the following problems:
CVE-2006-2662
Drew Yao discovered that multiple integer overflows in the string
processing code may lead to denial of service and potentially the
execution of arbitrary code.
CVE-2008-2663
Drew Yao discovered that multiple integer overflows in the string
meant the Python memory allocator could allocate less memory than
expected. This could result in arbitrary code execution with the
Python interpreter's privileges.
Multiple buffer and integer overflow flaws were found in the Python
Unicode string processing and in the Python Unicode and string
object implementations. An attacker could use these flaws to cause
a denial of service.
Multiple integer overflow flaws were found in the Python imageop
module. If a Python application used the imageop module to
overflows in a number of core modules (CVE-2008-2315). He also
reported an integer overflow in the hashlib module on Python 2.5 that
lead to unreliable cryptographic digest results (CVE-2008-2316).
Justin Ferguson reported multiple buffer overflows in unicode string
processing that affected 32bit systems (CVE-2008-3142).
Multiple integer overflows were reported by the Google Security Team
that had been fixed in Python 2.5.2 (CVE-2008-3143).
Justin Ferguson reported a number of integer overflows and underflows
David Remahl of Apple Product Security reported several integer
overflows in a number of core modules (CVE-2008-2315).
Justin Ferguson reported multiple buffer overflows in unicode string
processing that affected 32bit systems (CVE-2008-3142).
Multiple integer overflows were reported by the Google Security Team
that had been fixed in Python 2.5.2 (CVE-2008-3143).
Justin Ferguson reported a number of integer overflows and underflows
* David Remahl of Apple Product Security also reported an integer
overflow in the hashlib module, leading to unreliable cryptographic
digest results (CVE-2008-2316).
* Justin Ferguson reported multiple buffer overflows in unicode
string processing that only affect 32bit systems (CVE-2008-3142).
* The Google Security Team reported multiple integer overflows
(CVE-2008-3143).
* Justin Ferguson reported multiple integer underflows and overflows
Torres, Alexander Sotirov, Ty Bodell, Joshua Drake, JR, Carlos Perez,
Kris Katterjohn and many others.
The startup speed up the Metasploit Console and all utilities has been
greatly improved due to performance patches by Yoann Guillot and a
string processing overhaul by James Lee. Metasploit now fully supports
the 1.9.1 version of the Ruby interpreter, clearing the way for support
under a variety of alternate Ruby VMs in the future.
The Windows installation now includes a fully-functional console
interface, using Cygwin and RXVT as a front-end to the framework. The
