[issue33001] Buffer overflow vulnerability in os.symlink on Windows (CVE-2018-1000117)

Change by Ned Deily : -- Removed message: https://bugs.python.org/msg342103 ___ Python tracker ___ ___ Python-bugs-list mailing

[issue33001] Buffer overflow vulnerability in os.symlink on Windows (CVE-2018-1000117)

Ned Deily added the comment: New changeset 77c02cdce2d7b8360771be35b7676a4977e070c1 by larryhastings (Steve Dower) in branch '3.4': [3.4] bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) (#5992) https://github.com/python/cpython/commit/77c02cdce2d7b8360771be35b7676a4977e070c1

[issue33001] Buffer overflow vulnerability in os.symlink on Windows (CVE-2018-1000117)

Steve Dower added the comment: Thanks Larry for merging the backports! -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue33001] Buffer overflow vulnerability in os.symlink on Windows (CVE-2018-1000117)

Larry Hastings added the comment: New changeset f381cfe07d15d52f27de771a62a8167668f0dd51 by larryhastings (Steve Dower) in branch '3.5': [3.5] bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) (#5991)

[issue33001] Buffer overflow vulnerability in os.symlink on Windows (CVE-2018-1000117)

Larry Hastings added the comment: New changeset 77c02cdce2d7b8360771be35b7676a4977e070c1 by larryhastings (Steve Dower) in branch '3.4': [3.4] bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) (#5992)

[issue33001] Buffer overflow vulnerability in os.symlink on Windows (CVE-2018-1000117)

Steve Dower added the comment: Thanks, Victor! -- ___ Python tracker ___ ___

[issue33001] Buffer overflow vulnerability in os.symlink on Windows (CVE-2018-1000117)

STINNER Victor added the comment: FYI I added this vulnerability to: http://python-security.readthedocs.io/vuln/cve-2018-1000117_buffer_overflow_vulnerability_in_os.symlink_on_windows.html

[issue33001] Buffer overflow vulnerability in os.symlink on Windows (CVE-2018-1000117)

Steve Dower added the comment: FYI, the CVE number for this issue is CVE-2018-1000117. -- title: Buffer overflow vulnerability in os.symlink on Windows -> Buffer overflow vulnerability in os.symlink on Windows (CVE-2018-1000117)

[issue33001] Buffer overflow vulnerability in os.symlink on Windows

miss-islington added the comment: New changeset 96fdbacb7797a564249fd59ccf86ec153c4bb095 by Miss Islington (bot) in branch '3.7': bpo-33001: Prevent buffer overrun in os.symlink (GH-5989)

[issue33001] Buffer overflow vulnerability in os.symlink on Windows

Steve Dower added the comment: Patches are merged, except for the ones that belong to @Larry. Thanks again Alexey for the final round of feedback! -- nosy: +larry ___ Python tracker

[issue33001] Buffer overflow vulnerability in os.symlink on Windows

Change by miss-islington : -- pull_requests: +5762 ___ Python tracker ___

[issue33001] Buffer overflow vulnerability in os.symlink on Windows

Steve Dower added the comment: New changeset baa45079466eda1f5636a6d13f3a60c2c00fdcd3 by Steve Dower in branch '3.6': [3.6] bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) (GH-5990)

[issue33001] Buffer overflow vulnerability in os.symlink on Windows

Steve Dower added the comment: New changeset 6921e73e33edc3c61bc2d78ed558eaa22a89a564 by Steve Dower in branch 'master': bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) https://github.com/python/cpython/commit/6921e73e33edc3c61bc2d78ed558eaa22a89a564

[issue33001] Buffer overflow vulnerability in os.symlink on Windows

Eryk Sun added the comment: >> As os.symlink requires administrative privileges on most versions >> of Windows > > The current implementation requires SeCreateSymbolicLinkPrivilege on > ALL versions of Windows because users must pass an additional flag to >

[issue33001] Buffer overflow vulnerability in os.symlink on Windows

Alexey Izbyshev added the comment: > As os.symlink requires administrative privileges on most versions of Windows The current implementation requires SeCreateSymbolicLinkPrivilege on ALL versions of Windows because users must pass an additional flag to CreateSymbolicLink

[issue33001] Buffer overflow vulnerability in os.symlink on Windows

Alexey Izbyshev added the comment: While judging by the source code it seems that bytes in 3.5 should be fine, I've got a crash with the latest binary from python.org: Python 3.5.4 (v3.5.4:3f56838, Aug 8 2017, 02:17:05) [MSC v.1900 64 bit (AMD64)] on win32 Type "help",

[issue33001] Buffer overflow vulnerability in os.symlink on Windows

Change by Steve Dower : -- pull_requests: +5759 ___ Python tracker ___ ___

[issue33001] Buffer overflow vulnerability in os.symlink on Windows

Change by Steve Dower : -- pull_requests: +5758 ___ Python tracker ___ ___

[issue33001] Buffer overflow vulnerability in os.symlink on Windows

Change by Steve Dower : -- pull_requests: +5757 ___ Python tracker ___ ___

[issue33001] Buffer overflow vulnerability in os.symlink on Windows

Change by Steve Dower : -- keywords: +patch pull_requests: +5756 stage: -> patch review ___ Python tracker ___

[issue33001] Buffer overflow vulnerability in os.symlink on Windows

New submission from Steve Dower : On February 27th, 2018, the Python Security Response team was notified of a buffer overflow issue in the os.symlink() method on Windows. The issue affects all versions of Python between 3.2 and 3.6.4, including the 3.7 beta releases.