CVE-2008-5987

2009-01-28T11:30:00

Description

Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

Affected Software

CPE Name	Name	Version
gnome:eog	gnome eog	2.22.3

{"id": "CVE-2008-5987", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2008-5987", "description": "Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "published": "2009-01-28T11:30:00", "modified": "2009-04-16T05:35:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 6.9}, "severity": "MEDIUM", "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5987", "reporter": "cve@mitre.org", "references": ["http://www.openwall.com/lists/oss-security/2009/01/26/2", "https://bugzilla.redhat.com/show_bug.cgi?id=481553", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504352", "http://www.securityfocus.com/bid/33443", "http://security.gentoo.org/glsa/glsa-200904-06.xml"], "cvelist": ["CVE-2008-5983", "CVE-2008-5987"], "immutableFields": [], "lastseen": "2022-03-23T13:49:42", "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5983", "CVE-2008-5984", "CVE-2008-5985", "CVE-2008-5986", "CVE-2009-0314", "CVE-2009-0315", "CVE-2009-0316", "CVE-2009-0317", "CVE-2009-0318"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-5984", "DEBIANCVE:CVE-2008-5985", "DEBIANCVE:CVE-2008-5986", "DEBIANCVE:CVE-2008-5987", "DEBIANCVE:CVE-2009-0314", "DEBIANCVE:CVE-2009-0315", "DEBIANCVE:CVE-2009-0316", "DEBIANCVE:CVE-2009-0317", "DEBIANCVE:CVE-2009-0318"]}, {"type": "fedora", "idList": ["FEDORA:1015F1115E5", "FEDORA:4380D208D5D", "FEDORA:478CD1119BD", "FEDORA:9C835110BAB"]}, {"type": "freebsd", "idList": ["E848A92F-0E7D-11DE-92DE-000BCDC1757A"]}, {"type": "gentoo", "idList": ["GLSA-200903-41", "GLSA-200904-06"]}, {"type": "nessus", "idList": ["FEDORA_2009-1289.NASL", "FEDORA_2009-1295.NASL", "FEDORA_2010-13388.NASL", "FEDORA_2010-9565.NASL", "FEDORA_2010-9652.NASL", "FREEBSD_PKG_E848A92F0E7D11DE92DE000BCDC1757A.NASL", "GENTOO_GLSA-200903-41.NASL", "GENTOO_GLSA-200904-06.NASL", "MANDRIVA_MDVSA-2009-063.NASL", "NEWSTART_CGSL_NS-SA-2019-0008_PYTHON.NASL", "REDHAT-RHSA-2011-0027.NASL", "SL_20110113_PYTHON_ON_SL5_X.NASL", "UBUNTU_USN-1596-1.NASL", "UBUNTU_USN-1613-1.NASL", "UBUNTU_USN-1613-2.NASL", "UBUNTU_USN-1616-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122278", "OPENVAS:136141256231063330", "OPENVAS:136141256231063415", "OPENVAS:136141256231063480", "OPENVAS:136141256231063564", "OPENVAS:136141256231063738", "OPENVAS:136141256231063800", "OPENVAS:1361412562310841178", "OPENVAS:1361412562310841194", "OPENVAS:1361412562310841195", "OPENVAS:1361412562310841199", "OPENVAS:1361412562310862160", "OPENVAS:1361412562310862218", "OPENVAS:1361412562310862373", "OPENVAS:1361412562310870377", "OPENVAS:63330", "OPENVAS:63415", "OPENVAS:63480", "OPENVAS:63564", "OPENVAS:63738", "OPENVAS:63800", "OPENVAS:841178", "OPENVAS:841194", "OPENVAS:841195", "OPENVAS:841199", "OPENVAS:862160", "OPENVAS:862218", "OPENVAS:862373", "OPENVAS:870377"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0027", "ELSA-2011-0554"]}, {"type": "redhat", "idList": ["RHSA-2011:0027"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21419", "SECURITYVULNS:DOC:21590", "SECURITYVULNS:VULN:9683"]}, {"type": "seebug", "idList": ["SSV:4870"]}, {"type": "ubuntu", "idList": ["USN-1596-1", "USN-1613-1", "USN-1613-2", "USN-1616-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2008-5983", "UB:CVE-2008-5984", "UB:CVE-2008-5985", "UB:CVE-2008-5986", "UB:CVE-2008-5987", "UB:CVE-2009-0314", "UB:CVE-2009-0315", "UB:CVE-2009-0316", "UB:CVE-2009-0317", "UB:CVE-2009-0318"]}, {"type": "veracode", "idList": ["VERACODE:24356"]}]}, "score": {"value": 5.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2008-5983"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2008-5987"]}, {"type": "gentoo", "idList": ["GLSA-200904-06"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2009-063.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:63480"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9683"]}]}, "exploitation": null, "vulnersScore": 5.8}, "_state": {"dependencies": 1660012827, "score": 1659818015}, "_internal": {"score_hash": "9746d1146fbbfaf3508dccc526c7dbfc"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:gnome:eog:2.22.3"], "cpe23": ["cpe:2.3:a:gnome:eog:2.22.3:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "affectedSoftware": [{"cpeName": "gnome:eog", "version": "2.22.3", "operator": "eq", "name": "gnome eog"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:gnome:eog:2.22.3:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "http://www.openwall.com/lists/oss-security/2009/01/26/2", "name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", "refsource": "MLIST", "tags": []}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=481553", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=481553", "refsource": "CONFIRM", "tags": []}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504352", "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504352", "refsource": "CONFIRM", "tags": []}, {"url": "http://www.securityfocus.com/bid/33443", "name": "33443", "refsource": "BID", "tags": []}, {"url": "http://security.gentoo.org/glsa/glsa-200904-06.xml", "name": "GLSA-200904-06", "refsource": "GENTOO", "tags": []}]}

{"nessus": [{"lastseen": "2022-07-07T18:08:52", "description": "The remote host is affected by the vulnerability described in GLSA-200904-06 (Eye of GNOME: Untrusted search path)\n\n James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in the Eye of GNOME, a vulnerabiliy related to CVE-2008-5983.\n Impact :\n\n A local attacker could entice a user to run the Eye of GNOME from a directory containing a specially crafted python module, resulting in the execution of arbitrary code with the privileges of the user running the application.\n Workaround :\n\n Do not run 'eog' from untrusted working directories.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-07T00:00:00", "type": "nessus", "title": "GLSA-200904-06 : Eye of GNOME: Untrusted search path", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2008-5987"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:eog", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200904-06.NASL", "href": "https://www.tenable.com/plugins/nessus/36094", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200904-06.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36094);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5983\", \"CVE-2008-5987\");\n script_xref(name:\"GLSA\", value:\"200904-06\");\n\n script_name(english:\"GLSA-200904-06 : Eye of GNOME: Untrusted search path\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200904-06\n(Eye of GNOME: Untrusted search path)\n\n James Vega reported an untrusted search path vulnerability in the\n GObject Python interpreter wrapper in the Eye of GNOME, a vulnerabiliy\n related to CVE-2008-5983.\n \nImpact :\n\n A local attacker could entice a user to run the Eye of GNOME from a\n directory containing a specially crafted python module, resulting in\n the execution of arbitrary code with the privileges of the user running\n the application.\n \nWorkaround :\n\n Do not run 'eog' from untrusted working directories.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200904-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Eye of GNOME users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/eog-2.22.3-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:eog\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-gfx/eog\", unaffected:make_list(\"ge 2.22.3-r3\"), vulnerable:make_list(\"lt 2.22.3-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Eye of GNOME\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:08:05", "description": "Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current eog working directory (CVE-2008-5987).\n\nThis update provides fix for that vulnerability.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : eog (MDVSA-2009:063)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5987"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:eog", "p-cpe:/a:mandriva:linux:eog-devel", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2009.0"], "id": "MANDRIVA_MDVSA-2009-063.NASL", "href": "https://www.tenable.com/plugins/nessus/37235", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:063. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37235);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5987\");\n script_xref(name:\"MDVSA\", value:\"2009:063\");\n\n script_name(english:\"Mandriva Linux Security Advisory : eog (MDVSA-2009:063)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Python has a variable called sys.path that contains all paths where\nPython loads modules by using import scripting procedure. A wrong\nhandling of that variable enables local attackers to execute arbitrary\ncode via Python scripting in the current eog working directory\n(CVE-2008-5987).\n\nThis update provides fix for that vulnerability.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected eog and / or eog-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:eog-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", reference:\"eog-2.22.0-2.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"eog-devel-2.22.0-2.1mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"eog-2.24.0-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"eog-devel-2.24.0-1.1mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:01:51", "description": "Updated python packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nIt was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to the module search path (sys.path). A local attacker able to trick a victim into running such an application in an attacker-controlled directory could use this flaw to execute code with the victim's privileges. This update adds the PySys_SetArgvEx API. Developers can modify their applications to use this new API, which sets sys.argv without modifying sys.path.\n(CVE-2008-5983)\n\nMultiple flaws were found in the Python rgbimg module. If an application written in Python was using the rgbimg module and loaded a specially crafted SGI image file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)\n\nMultiple flaws were found in the Python audioop module. Supplying certain inputs could cause the audioop module to crash or, possibly, execute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nThis update also fixes the following bugs :\n\n* When starting a child process from the subprocess module in Python 2.4, the parent process could leak file descriptors if an error occurred. This update resolves the issue. (BZ#609017)\n\n* Prior to Python 2.7, programs that used 'ulimit -n' to enable communication with large numbers of subprocesses could still monitor only 1024 file descriptors at a time, which caused an exception :\n\nValueError: filedescriptor out of range in select()\n\nThis was due to the subprocess module using the 'select' system call.\nThe module now uses the 'poll' system call, removing this limitation.\n(BZ#609020)\n\n* Prior to Python 2.5, the tarfile module failed to unpack tar files if the path was longer than 100 characters. This update backports the tarfile module from Python 2.5 and the issue no longer occurs.\n(BZ#263401)\n\n* The email module incorrectly implemented the logic for obtaining attachment file names: the get_filename() fallback for using the deprecated 'name' parameter of the 'Content-Type' header erroneously used the 'Content-Disposition' header. This update backports a fix from Python 2.6, which resolves this issue. (BZ#644147)\n\n* Prior to version 2.5, Python's optimized memory allocator never released memory back to the system. The memory usage of a long-running Python process would resemble a 'high-water mark'. This update backports a fix from Python 2.5a1, which frees unused arenas, and adds a non-standard sys._debugmallocstats() function, which prints diagnostic information to stderr. Finally, when running under Valgrind, the optimized allocator is deactivated, to allow more convenient debugging of Python memory usage issues. (BZ#569093)\n\n* The urllib and urllib2 modules ignored the no_proxy variable, which could lead to programs such as 'yum' erroneously accessing a proxy server for URLs covered by a 'no_proxy' exclusion. This update backports fixes of urllib and urllib2, which respect the 'no_proxy' variable, which fixes these issues. (BZ#549372)\n\nAs well, this update adds the following enhancements :\n\n* This update introduces a new python-libs package, subsuming the majority of the content of the core python package. This makes both 32-bit and 64-bit Python libraries available on PowerPC systems.\n(BZ#625372)\n\n* The python-libs.i386 package is now available for 64-bit Itanium with the 32-bit Itanium compatibility mode. (BZ#644761)\n\nAll Python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {"score": null, "vector": null}, "published": "2011-01-14T00:00:00", "type": "nessus", "title": "RHEL 5 : python (RHSA-2011:0027)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2008-5984", "CVE-2008-5985", "CVE-2008-5986", "CVE-2008-5987", "CVE-2009-0314", "CVE-2009-0315", "CVE-2009-0316", "CVE-2009-0317", "CVE-2009-4134", "CVE-2010-1449", "CVE-2010-1450", "CVE-2010-1634", "CVE-2010-2089"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python", "p-cpe:/a:redhat:enterprise_linux:python-devel", "p-cpe:/a:redhat:enterprise_linux:python-libs", "p-cpe:/a:redhat:enterprise_linux:python-tools", "p-cpe:/a:redhat:enterprise_linux:tkinter", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-0027.NASL", "href": "https://www.tenable.com/plugins/nessus/51524", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0027. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51524);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5983\", \"CVE-2008-5984\", \"CVE-2008-5985\", \"CVE-2008-5986\", \"CVE-2008-5987\", \"CVE-2009-0314\", \"CVE-2009-0315\", \"CVE-2009-0316\", \"CVE-2009-0317\", \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-1634\", \"CVE-2010-2089\");\n script_bugtraq_id(40361, 40363, 40365, 40370, 40862, 40863);\n script_xref(name:\"RHSA\", value:\"2011:0027\");\n\n script_name(english:\"RHEL 5 : python (RHSA-2011:0027)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues, several\nbugs, and add two enhancements are now available for Red Hat\nEnterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nIt was found that many applications embedding the Python interpreter\ndid not specify a valid full path to the script or application when\ncalling the PySys_SetArgv API function, which could result in the\naddition of the current working directory to the module search path\n(sys.path). A local attacker able to trick a victim into running such\nan application in an attacker-controlled directory could use this flaw\nto execute code with the victim's privileges. This update adds the\nPySys_SetArgvEx API. Developers can modify their applications to use\nthis new API, which sets sys.argv without modifying sys.path.\n(CVE-2008-5983)\n\nMultiple flaws were found in the Python rgbimg module. If an\napplication written in Python was using the rgbimg module and loaded a\nspecially crafted SGI image file, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2009-4134, CVE-2010-1449,\nCVE-2010-1450)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nThis update also fixes the following bugs :\n\n* When starting a child process from the subprocess module in Python\n2.4, the parent process could leak file descriptors if an error\noccurred. This update resolves the issue. (BZ#609017)\n\n* Prior to Python 2.7, programs that used 'ulimit -n' to enable\ncommunication with large numbers of subprocesses could still monitor\nonly 1024 file descriptors at a time, which caused an exception :\n\nValueError: filedescriptor out of range in select()\n\nThis was due to the subprocess module using the 'select' system call.\nThe module now uses the 'poll' system call, removing this limitation.\n(BZ#609020)\n\n* Prior to Python 2.5, the tarfile module failed to unpack tar files\nif the path was longer than 100 characters. This update backports the\ntarfile module from Python 2.5 and the issue no longer occurs.\n(BZ#263401)\n\n* The email module incorrectly implemented the logic for obtaining\nattachment file names: the get_filename() fallback for using the\ndeprecated 'name' parameter of the 'Content-Type' header erroneously\nused the 'Content-Disposition' header. This update backports a fix\nfrom Python 2.6, which resolves this issue. (BZ#644147)\n\n* Prior to version 2.5, Python's optimized memory allocator never\nreleased memory back to the system. The memory usage of a long-running\nPython process would resemble a 'high-water mark'. This update\nbackports a fix from Python 2.5a1, which frees unused arenas, and adds\na non-standard sys._debugmallocstats() function, which prints\ndiagnostic information to stderr. Finally, when running under\nValgrind, the optimized allocator is deactivated, to allow more\nconvenient debugging of Python memory usage issues. (BZ#569093)\n\n* The urllib and urllib2 modules ignored the no_proxy variable, which\ncould lead to programs such as 'yum' erroneously accessing a proxy\nserver for URLs covered by a 'no_proxy' exclusion. This update\nbackports fixes of urllib and urllib2, which respect the 'no_proxy'\nvariable, which fixes these issues. (BZ#549372)\n\nAs well, this update adds the following enhancements :\n\n* This update introduces a new python-libs package, subsuming the\nmajority of the content of the core python package. This makes both\n32-bit and 64-bit Python libraries available on PowerPC systems.\n(BZ#625372)\n\n* The python-libs.i386 package is now available for 64-bit Itanium\nwith the 32-bit Itanium compatibility mode. (BZ#644761)\n\nAll Python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5983\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1449\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0027\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0027\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"python-2.4.3-43.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"python-2.4.3-43.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"python-2.4.3-43.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"python-devel-2.4.3-43.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"python-libs-2.4.3-43.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"python-libs-2.4.3-43.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"python-libs-2.4.3-43.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"python-tools-2.4.3-43.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"python-tools-2.4.3-43.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"python-tools-2.4.3-43.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tkinter-2.4.3-43.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tkinter-2.4.3-43.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tkinter-2.4.3-43.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-libs / python-tools / tkinter\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-07T18:05:35", "description": "CVE Mitre reports :\n\nUntrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {"score": null, "vector": null}, "published": "2009-03-12T00:00:00", "type": "nessus", "title": "FreeBSD : epiphany -- untrusted search path vulnerability (e848a92f-0e7d-11de-92de-000bcdc1757a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2008-5985"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:epiphany", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_E848A92F0E7D11DE92DE000BCDC1757A.NASL", "href": "https://www.tenable.com/plugins/nessus/35910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35910);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5983\", \"CVE-2008-5985\");\n\n script_name(english:\"FreeBSD : epiphany -- untrusted search path vulnerability (e848a92f-0e7d-11de-92de-000bcdc1757a)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE Mitre reports :\n\nUntrusted search path vulnerability in the Python interface in\nEpiphany 2.22.3, and possibly other versions, allows local users to\nexecute arbitrary code via a Trojan horse Python file in the current\nworking directory, related to a vulnerability in the PySys_SetArgv\nfunction (CVE-2008-5983).\"\n );\n # https://vuxml.freebsd.org/freebsd/e848a92f-0e7d-11de-92de-000bcdc1757a.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d7013806\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:epiphany\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"epiphany<2.24.2.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:44:28", "description": "- Fri Jan 30 2009 Huzaifa Sidhpurwala <huzaifas at redhat.com> 1:1.8.2-6\n\n - Resolves CVE-2008-5983\n\n - Version bump to match the rawhide version\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Fedora 10 : gnumeric-1.8.2-6.fc10 (2009-1289)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2009-0318"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnumeric", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-1289.NASL", "href": "https://www.tenable.com/plugins/nessus/37680", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-1289.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37680);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0318\");\n script_xref(name:\"FEDORA\", value:\"2009-1289\");\n\n script_name(english:\"Fedora 10 : gnumeric-1.8.2-6.fc10 (2009-1289)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Jan 30 2009 Huzaifa Sidhpurwala <huzaifas at\n redhat.com> 1:1.8.2-6\n\n - Resolves CVE-2008-5983\n\n - Version bump to match the rawhide version\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=481572\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-February/019752.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38a32cd2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnumeric package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnumeric\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"gnumeric-1.8.2-6.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnumeric\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:08:02", "description": "The remote host is affected by the vulnerability described in GLSA-200903-41 (gedit: Untrusted search path)\n\n James Vega reported that gedit uses the current working directory when searching for python modules, a vulnerability related to CVE-2008-5983.\n Impact :\n\n A local attacker could entice a user to open gedit from a specially crafted environment, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.\n Workaround :\n\n Do not run gedit from untrusted working directories.", "cvss3": {"score": null, "vector": null}, "published": "2009-03-31T00:00:00", "type": "nessus", "title": "GLSA-200903-41 : gedit: Untrusted search path", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2009-0314"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:gedit", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200903-41.NASL", "href": "https://www.tenable.com/plugins/nessus/36055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200903-41.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36055);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-5983\", \"CVE-2009-0314\");\n script_xref(name:\"GLSA\", value:\"200903-41\");\n\n script_name(english:\"GLSA-200903-41 : gedit: Untrusted search path\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200903-41\n(gedit: Untrusted search path)\n\n James Vega reported that gedit uses the current working directory when\n searching for python modules, a vulnerability related to CVE-2008-5983.\n \nImpact :\n\n A local attacker could entice a user to open gedit from a specially\n crafted environment, possibly resulting in the execution of arbitrary\n code with the privileges of the user running the application.\n \nWorkaround :\n\n Do not run gedit from untrusted working directories.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200903-41\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All gedit 2.22.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-editors/gedit-2.22.3-r1'\n All gedit 2.24.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-editors/gedit-2.24.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gedit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-editors/gedit\", unaffected:make_list(\"rge 2.22.3-r1\", \"ge 2.24.3\"), vulnerable:make_list(\"lt 2.24.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gedit\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T16:04:06", "description": "- Backport from F14: - Fix for lone surrogates, utf8 and certain encode error handlers. - Fix an incompatibility between pyexpat and the system expat-2.0.1 that led to a segfault running test_pyexpat.py (patch 110; upstream issue 9054; rhbz#610312)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-09-04T00:00:00", "type": "nessus", "title": "Fedora 13 : python3-3.1.2-7.fc13 (2010-13388)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2010-1634", "CVE-2010-2089"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python3", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-13388.NASL", "href": "https://www.tenable.com/plugins/nessus/49107", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13388.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49107);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\");\n script_bugtraq_id(40370, 40862, 40863);\n script_xref(name:\"FEDORA\", value:\"2010-13388\");\n\n script_name(english:\"Fedora 13 : python3-3.1.2-7.fc13 (2010-13388)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Backport from F14: - Fix for lone surrogates, utf8 and\n certain encode error handlers. - Fix an incompatibility\n between pyexpat and the system expat-2.0.1 that led to a\n segfault running test_pyexpat.py (patch 110; upstream\n issue 9054; rhbz#610312)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=482814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=590690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=598197\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047008.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48b4c43f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"python3-3.1.2-7.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T15:58:59", "description": "- Fri Jun 4 2010 David Malcolm <dmalcolm at redhat.com> - 2.6.4-27\n\n - ensure that the compiler is invoked with '-fwrapv' (rhbz#594819)\n\n - CVE-2010-1634: fix various integer overflow checks in the audioop module (patch 113)\n\n - CVE-2010-2089: further checks within the audioop module (patch 114)\n\n - CVE-2008-5983: the new PySys_SetArgvEx entry point from r81399 (patch 115)\n\n - Mon Apr 26 2010 Dennis Gilmore <dennis at ausil.us> - 2.6.4-26\n\n - disable --with-valgrind on sparc arches\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-01T00:00:00", "type": "nessus", "title": "Fedora 13 : python-2.6.4-27.fc13 (2010-9652)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2010-1634", "CVE-2010-2089"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-9652.NASL", "href": "https://www.tenable.com/plugins/nessus/47547", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-9652.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47547);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\");\n script_bugtraq_id(40370);\n script_xref(name:\"FEDORA\", value:\"2010-9652\");\n\n script_name(english:\"Fedora 13 : python-2.6.4-27.fc13 (2010-9652)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Jun 4 2010 David Malcolm <dmalcolm at redhat.com> -\n 2.6.4-27\n\n - ensure that the compiler is invoked with '-fwrapv'\n (rhbz#594819)\n\n - CVE-2010-1634: fix various integer overflow checks in\n the audioop module (patch 113)\n\n - CVE-2010-2089: further checks within the audioop module\n (patch 114)\n\n - CVE-2008-5983: the new PySys_SetArgvEx entry point\n from r81399 (patch 115)\n\n - Mon Apr 26 2010 Dennis Gilmore <dennis at ausil.us> -\n 2.6.4-26\n\n - disable --with-valgrind on sparc arches\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=482814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=590690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=598197\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea86d227\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"python-2.6.4-27.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T18:04:33", "description": "- Fri Jan 30 2009 Huzaifa Sidhpurwala <huzaifas at redhat.com> 1:1.8.2-4\n\n - Resolves CVE-2009-5983\n\n - Version Bump\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2009-02-05T00:00:00", "type": "nessus", "title": "Fedora 9 : gnumeric-1.8.2-4.fc9 (2009-1295)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2009-0318", "CVE-2009-5983"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnumeric", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-1295.NASL", "href": "https://www.tenable.com/plugins/nessus/35596", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-1295.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35596);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-5983\", \"CVE-2009-0318\");\n script_xref(name:\"FEDORA\", value:\"2009-1295\");\n\n script_name(english:\"Fedora 9 : gnumeric-1.8.2-4.fc9 (2009-1295)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Jan 30 2009 Huzaifa Sidhpurwala <huzaifas at\n redhat.com> 1:1.8.2-4\n\n - Resolves CVE-2009-5983\n\n - Version Bump\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=481572\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-February/019851.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9d95451a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnumeric package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnumeric\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"gnumeric-1.8.2-4.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnumeric\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-07T16:00:50", "description": "- Fri Jun 4 2010 David Malcolm <dmalcolm at redhat.com> - 2.6.2-8\n\n - ensure that the compiler is invoked with '-fwrapv' (rhbz#594819)\n\n - CVE-2010-1634: fix various integer overflow checks in the audioop module (patch 113)\n\n - CVE-2010-2089: further checks within the audioop module (patch 114)\n\n - CVE-2008-5983: the new PySys_SetArgvEx entry point from r81399 (patch 115)\n\n - Fri Mar 12 2010 David Malcolm <dmalcolm at redhat.com>\n - 2.6.2-7\n\n - document all patches, and remove the commented-out ones\n\n - Address some of the issues identified in package review (bug 226342) :\n\n - update libs requirement on base package to use %{name} for consistency's sake\n\n - convert from backticks to $() syntax throughout\n\n - wrap value of LD_LIBRARY_PATH in quotes\n\n - convert '/usr/bin/find' requirement to 'findutils'\n\n - remove trailing periods from summaries of subpackages\n\n - fix spelling mistake in description of -test subpackage\n\n - convert usage of $$RPM_BUILD_ROOT to %{buildroot} throughout, for stylistic consistency\n\n - supply dirmode arguments to defattr directives\n\n - replace references to /usr with %{_prefix}; replace references to /usr/include with %{_includedir}\n\n - fixup the build when __python_ver is set (Zach Sadecki;\n bug 533989); use pybasever in the files section\n\n - Mon Jan 25 2010 David Malcolm <dmalcolm at redhat.com> - 2.6.2-6\n\n - update python-2.6.2-config.patch to remove downstream customization of build of pyexpat and elementtree modules\n\n - add patch adapted from upstream (patch 3) to add support for building against system expat; add\n --with-system-expat to 'configure' invocation (patch 3)\n\n - remove embedded copy of expat from source tree during 'prep'\n\n - Mon Jan 25 2010 David Malcolm <dmalcolm at redhat.com>\n - 2.6.2-5\n\n - replace 'define' with 'global' throughout\n\n - introduce macros for 3 directories, replacing expanded references throughout: %{pylibdir}, %{dynload_dir}, %{site_packages}\n\n - explicitly list all lib-dynload files, rather than dynamically gathering the payload into a temporary text file, so that we can be sure what we are shipping;\n remove now-redundant testing for presence of certain .so files\n\n - remove embedded copy of libffi and zlib from source tree before building\n\n - Mon Jan 25 2010 David Malcolm <dmalcolm at redhat.com>\n - 2.6.2-4\n\n - change python-2.6.2-config.patch to remove our downstream change to curses configuration in Modules/Setup.dist, so that the curses modules are built using setup.py with the downstream default (linking against libncursesw.so, rather than libncurses.so), rather than within the Makefile; add a test to %install to verify the dso files that the curses module is linked against the correct DSO (bug 539917; changes _cursesmodule.so -> _curses.so)\n\n - Fri Jan 8 2010 David Malcolm <dmalcolm at redhat.com> - 2.6.2-3\n\n - fix Lib/SocketServer.py to avoid trying to use non-existent keyword args for os.waitpid (patch 52, rhbz:552404, Adrian Reber)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2010-07-06T00:00:00", "type": "nessus", "title": "Fedora 12 : python-2.6.2-8.fc12 (2010-9565)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2010-1634", "CVE-2010-2089"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-9565.NASL", "href": "https://www.tenable.com/plugins/nessus/47600", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-9565.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47600);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\");\n script_bugtraq_id(40370, 40862, 40863);\n script_xref(name:\"FEDORA\", value:\"2010-9565\");\n\n script_name(english:\"Fedora 12 : python-2.6.2-8.fc12 (2010-9565)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fri Jun 4 2010 David Malcolm <dmalcolm at redhat.com> -\n 2.6.2-8\n\n - ensure that the compiler is invoked with '-fwrapv'\n (rhbz#594819)\n\n - CVE-2010-1634: fix various integer overflow checks in\n the audioop module (patch 113)\n\n - CVE-2010-2089: further checks within the audioop module\n (patch 114)\n\n - CVE-2008-5983: the new PySys_SetArgvEx entry point\n from r81399 (patch 115)\n\n - Fri Mar 12 2010 David Malcolm <dmalcolm at redhat.com>\n - 2.6.2-7\n\n - document all patches, and remove the commented-out\n ones\n\n - Address some of the issues identified in package\n review (bug 226342) :\n\n - update libs requirement on base package to use %{name}\n for consistency's sake\n\n - convert from backticks to $() syntax throughout\n\n - wrap value of LD_LIBRARY_PATH in quotes\n\n - convert '/usr/bin/find' requirement to 'findutils'\n\n - remove trailing periods from summaries of subpackages\n\n - fix spelling mistake in description of -test\n subpackage\n\n - convert usage of $$RPM_BUILD_ROOT to %{buildroot}\n throughout, for stylistic consistency\n\n - supply dirmode arguments to defattr directives\n\n - replace references to /usr with %{_prefix}; replace\n references to /usr/include with %{_includedir}\n\n - fixup the build when __python_ver is set (Zach Sadecki;\n bug 533989); use pybasever in the files section\n\n - Mon Jan 25 2010 David Malcolm <dmalcolm at redhat.com> -\n 2.6.2-6\n\n - update python-2.6.2-config.patch to remove downstream\n customization of build of pyexpat and elementtree\n modules\n\n - add patch adapted from upstream (patch 3) to add support\n for building against system expat; add\n --with-system-expat to 'configure' invocation (patch 3)\n\n - remove embedded copy of expat from source tree during\n 'prep'\n\n - Mon Jan 25 2010 David Malcolm <dmalcolm at redhat.com>\n - 2.6.2-5\n\n - replace 'define' with 'global' throughout\n\n - introduce macros for 3 directories, replacing expanded\n references throughout: %{pylibdir}, %{dynload_dir},\n %{site_packages}\n\n - explicitly list all lib-dynload files, rather than\n dynamically gathering the payload into a temporary text\n file, so that we can be sure what we are shipping;\n remove now-redundant testing for presence of certain .so\n files\n\n - remove embedded copy of libffi and zlib from source tree\n before building\n\n - Mon Jan 25 2010 David Malcolm <dmalcolm at redhat.com>\n - 2.6.2-4\n\n - change python-2.6.2-config.patch to remove our\n downstream change to curses configuration in\n Modules/Setup.dist, so that the curses modules are\n built using setup.py with the downstream default\n (linking against libncursesw.so, rather than\n libncurses.so), rather than within the Makefile; add a\n test to %install to verify the dso files that the\n curses module is linked against the correct DSO (bug\n 539917; changes _cursesmodule.so -> _curses.so)\n\n - Fri Jan 8 2010 David Malcolm <dmalcolm at redhat.com> -\n 2.6.2-3\n\n - fix Lib/SocketServer.py to avoid trying to use\n non-existent keyword args for os.waitpid (patch 52,\n rhbz:552404, Adrian Reber)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=482814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=590690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=598197\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/043726.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3f0e5c1a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"python-2.6.2-8.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-10T14:44:57", "description": "It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to the module search path (sys.path). A local attacker able to trick a victim into running such an application in an attacker-controlled directory could use this flaw to execute code with the victim's privileges. This update adds the PySys_SetArgvEx API. Developers can modify their applications to use this new API, which sets sys.argv without modifying sys.path.\n(CVE-2008-5983)\n\nMultiple flaws were found in the Python rgbimg module. If an application written in Python was using the rgbimg module and loaded a specially crafted SGI image file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)\n\nMultiple flaws were found in the Python audioop module. Supplying certain inputs could cause the audioop module to crash or, possibly, execute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nThis update also fixes the following bugs :\n\n - When starting a child process from the subprocess module in Python 2.4, the parent process could leak file descriptors if an error occurred. This update resolves the issue. (BZ#609017)\n\n - Prior to Python 2.7, programs that used 'ulimit -n' to enable communication with large numbers of subprocesses could still monitor only 1024 file descriptors at a time, which caused an exception :\n\n ValueError: filedescriptor out of range in select()\n\nThis was due to the subprocess module using the 'select' system call.\nThe module now uses the 'poll' system call, removing this limitation.\n(BZ#609020)\n\n - Prior to Python 2.5, the tarfile module failed to unpack tar files if the path was longer than 100 characters.\n This update backports the tarfile module from Python 2.5 and the issue no longer occurs. (BZ#263401)\n\n - The email module incorrectly implemented the logic for obtaining attachment file names: the get_filename() fallback for using the deprecated 'name' parameter of the 'Content-Type' header erroneously used the 'Content-Disposition' header. This update backports a fix from Python 2.6, which resolves this issue.\n (BZ#644147)\n\n - Prior to version 2.5, Python's optimized memory allocator never released memory back to the system. The memory usage of a long-running Python process would resemble a 'high-water mark'. This update backports a fix from Python 2.5a1, which frees unused arenas, and adds a non-standard sys._debugmallocstats() function, which prints diagnostic information to stderr. Finally, when running under Valgrind, the optimized allocator is deactivated, to allow more convenient debugging of Python memory usage issues. (BZ#569093)\n\n - The urllib and urllib2 modules ignored the no_proxy variable, which could lead to programs such as 'yum' erroneously accessing a proxy server for URLs covered by a 'no_proxy' exclusion. This update backports fixes of urllib and urllib2, which respect the 'no_proxy' variable, which fixes these issues. (BZ#549372)\n\nAs well, this update adds the following enhancements :\n\n - This update introduces a new python-libs package, subsuming the majority of the content of the core python package. This makes both 32-bit and 64-bit Python libraries available on PowerPC systems. (BZ#625372)\n\n - The python-libs.i386 package is now available for 64-bit Itanium with the 32-bit Itanium compatibility mode.\n (BZ#644761)", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : python on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2009-4134", "CVE-2010-1449", "CVE-2010-1450", "CVE-2010-1634", "CVE-2010-2089"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110113_PYTHON_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60935);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-5983\", \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-1634\", \"CVE-2010-2089\");\n\n script_name(english:\"Scientific Linux Security Update : python on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that many applications embedding the Python interpreter\ndid not specify a valid full path to the script or application when\ncalling the PySys_SetArgv API function, which could result in the\naddition of the current working directory to the module search path\n(sys.path). A local attacker able to trick a victim into running such\nan application in an attacker-controlled directory could use this flaw\nto execute code with the victim's privileges. This update adds the\nPySys_SetArgvEx API. Developers can modify their applications to use\nthis new API, which sets sys.argv without modifying sys.path.\n(CVE-2008-5983)\n\nMultiple flaws were found in the Python rgbimg module. If an\napplication written in Python was using the rgbimg module and loaded a\nspecially crafted SGI image file, it could cause the application to\ncrash or, possibly, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2009-4134, CVE-2010-1449,\nCVE-2010-1450)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nThis update also fixes the following bugs :\n\n - When starting a child process from the subprocess module\n in Python 2.4, the parent process could leak file\n descriptors if an error occurred. This update resolves\n the issue. (BZ#609017)\n\n - Prior to Python 2.7, programs that used 'ulimit -n' to\n enable communication with large numbers of subprocesses\n could still monitor only 1024 file descriptors at a\n time, which caused an exception :\n\n ValueError: filedescriptor out of range in select()\n\nThis was due to the subprocess module using the 'select' system call.\nThe module now uses the 'poll' system call, removing this limitation.\n(BZ#609020)\n\n - Prior to Python 2.5, the tarfile module failed to unpack\n tar files if the path was longer than 100 characters.\n This update backports the tarfile module from Python 2.5\n and the issue no longer occurs. (BZ#263401)\n\n - The email module incorrectly implemented the logic for\n obtaining attachment file names: the get_filename()\n fallback for using the deprecated 'name' parameter of\n the 'Content-Type' header erroneously used the\n 'Content-Disposition' header. This update backports a\n fix from Python 2.6, which resolves this issue.\n (BZ#644147)\n\n - Prior to version 2.5, Python's optimized memory\n allocator never released memory back to the system. The\n memory usage of a long-running Python process would\n resemble a 'high-water mark'. This update backports a\n fix from Python 2.5a1, which frees unused arenas, and\n adds a non-standard sys._debugmallocstats() function,\n which prints diagnostic information to stderr. Finally,\n when running under Valgrind, the optimized allocator is\n deactivated, to allow more convenient debugging of\n Python memory usage issues. (BZ#569093)\n\n - The urllib and urllib2 modules ignored the no_proxy\n variable, which could lead to programs such as 'yum'\n erroneously accessing a proxy server for URLs covered by\n a 'no_proxy' exclusion. This update backports fixes of\n urllib and urllib2, which respect the 'no_proxy'\n variable, which fixes these issues. (BZ#549372)\n\nAs well, this update adds the following enhancements :\n\n - This update introduces a new python-libs package,\n subsuming the majority of the content of the core python\n package. This makes both 32-bit and 64-bit Python\n libraries available on PowerPC systems. (BZ#625372)\n\n - The python-libs.i386 package is now available for 64-bit\n Itanium with the 32-bit Itanium compatibility mode.\n (BZ#644761)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=263401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=549372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=569093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=609017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=609020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=625372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=644147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=644761\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1102&L=scientific-linux-errata&T=0&P=1728\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09c6df78\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"python-2.4.3-43.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"python-devel-2.4.3-43.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"python-libs-2.4.3-43.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"python-tools-2.4.3-43.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tkinter-2.4.3-43.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-10T14:51:05", "description": "It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS.\n(CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. These issues only affected Ubuntu 10.04 LTS. (CVE-2010-1634, CVE-2010-2089)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This update adds the '-R' command line option and honors setting the PYTHONHASHSEED environment variable to 'random' to salt str and datetime objects with an unpredictable value.\n(CVE-2012-1150)\n\nSerhiy Storchaka discovered that the UTF16 decoder in Python did not properly reset internal variables after error handling. An attacker could exploit this to cause a denial of service via memory corruption.\n(CVE-2012-2135).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-10-25T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 11.04 : python3.1 vulnerabilities (USN-1616-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2010-1634", "CVE-2010-2089", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-1150", "CVE-2012-2135"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python3.1", "p-cpe:/a:canonical:ubuntu_linux:python3.1-minimal", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1616-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62700", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1616-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62700);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2011-4944\", \"CVE-2012-0845\", \"CVE-2012-1150\", \"CVE-2012-2135\");\n script_bugtraq_id(40370, 40862, 40863, 51239, 51996, 52732, 53244);\n script_xref(name:\"USN\", value:\"1616-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 : python3.1 vulnerabilities (USN-1616-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Python would prepend an empty string to\nsys.path under certain circumstances. A local attacker with write\naccess to the current working directory could exploit this to execute\narbitrary code. This issue only affected Ubuntu 10.04 LTS.\n(CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform\ninput validation. If a user or automated system were tricked into\nopening a crafted audio file, an attacker could cause a denial of\nservice via application crash. These issues only affected Ubuntu 10.04\nLTS. (CVE-2010-1634, CVE-2010-2089)\n\nIt was discovered that Python distutils contained a race condition\nwhen creating the ~/.pypirc file. A local attacker could exploit this\nto obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate\nits input when handling HTTP POST requests. A remote attacker could\nexploit this to cause a denial of service via excessive CPU\nutilization. (CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm\nattacks. An attacker could cause a denial of service under certian\ncircumstances. This update adds the '-R' command line option and\nhonors setting the PYTHONHASHSEED environment variable to 'random' to\nsalt str and datetime objects with an unpredictable value.\n(CVE-2012-1150)\n\nSerhiy Storchaka discovered that the UTF16 decoder in Python did not\nproperly reset internal variables after error handling. An attacker\ncould exploit this to cause a denial of service via memory corruption.\n(CVE-2012-2135).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1616-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3.1 and / or python3.1-minimal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.1-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python3.1\", pkgver:\"3.1.2-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python3.1-minimal\", pkgver:\"3.1.2-0ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"python3.1\", pkgver:\"3.1.3-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"python3.1-minimal\", pkgver:\"3.1.3-1ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3.1 / python3.1-minimal\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-08T19:29:54", "description": "The remote NewStart CGSL host, running version MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities:\n\n - Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. (CVE-2007-4965)\n\n - Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context- dependent attackers to defeat cryptographic digests, related to partial hashlib hashing of data exceeding 4GB. (CVE-2008-2316)\n\n - Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. (CVE-2008-5983)\n\n - Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context- dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. (CVE-2010-1634)\n\n - The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one- byte string, a different vulnerability than CVE-2010-1634. (CVE-2010-2089)\n\n - The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in- the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. (CVE-2013-4238)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0008)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4965", "CVE-2008-2316", "CVE-2008-3143", "CVE-2008-5983", "CVE-2009-2408", "CVE-2010-1634", "CVE-2010-2089", "CVE-2013-4238"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0008_PYTHON.NASL", "href": "https://www.tenable.com/plugins/nessus/127154", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0008. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127154);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2007-4965\",\n \"CVE-2008-2316\",\n \"CVE-2008-5983\",\n \"CVE-2010-1634\",\n \"CVE-2010-2089\",\n \"CVE-2013-4238\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0008)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 5.04, has python packages installed that are affected by multiple\nvulnerabilities:\n\n - Multiple integer overflows in the imageop module in\n Python 2.5.1 and earlier allow context-dependent\n attackers to cause a denial of service (application\n crash) and possibly obtain sensitive information (memory\n contents) via crafted arguments to (1) the tovideo\n method, and unspecified other vectors related to (2)\n imageop.c, (3) rbgimgmodule.c, and other files, which\n trigger heap-based buffer overflows. (CVE-2007-4965)\n\n - Integer overflow in _hashopenssl.c in the hashlib module\n in Python 2.5.2 and earlier might allow context-\n dependent attackers to defeat cryptographic digests,\n related to partial hashlib hashing of data exceeding\n 4GB. (CVE-2008-2316)\n\n - Untrusted search path vulnerability in the PySys_SetArgv\n API function in Python 2.6 and earlier, and possibly\n later versions, prepends an empty string to sys.path\n when the argv[0] argument does not contain a path\n separator, which might allow local users to execute\n arbitrary code via a Trojan horse Python file in the\n current working directory. (CVE-2008-5983)\n\n - Multiple integer overflows in audioop.c in the audioop\n module in Python 2.6, 2.7, 3.1, and 3.2 allow context-\n dependent attackers to cause a denial of service\n (application crash) via a large fragment, as\n demonstrated by a call to audioop.lin2lin with a long\n string in the first argument, leading to a buffer\n overflow. NOTE: this vulnerability exists because of an\n incorrect fix for CVE-2008-3143.5. (CVE-2010-1634)\n\n - The audioop module in Python 2.7 and 3.2 does not verify\n the relationships between size arguments and byte string\n lengths, which allows context-dependent attackers to\n cause a denial of service (memory corruption and\n application crash) via crafted arguments, as\n demonstrated by a call to audioop.reverse with a one-\n byte string, a different vulnerability than\n CVE-2010-1634. (CVE-2010-2089)\n\n - The ssl.match_hostname function in the SSL module in\n Python 2.6 through 3.4 does not properly handle a '\\0'\n character in a domain name in the Subject Alternative\n Name field of an X.509 certificate, which allows man-in-\n the-middle attackers to spoof arbitrary SSL servers via\n a crafted certificate issued by a legitimate\n Certification Authority, a related issue to\n CVE-2009-2408. (CVE-2013-4238)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0008\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL python packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-2316\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 5.04\": [\n \"python-2.7.5-58.el7.cgslv5.0.1.g6d96868\",\n \"python-debug-2.7.5-58.el7.cgslv5.0.1.g6d96868\",\n \"python-debuginfo-2.7.5-58.el7.cgslv5.0.1.g6d96868\",\n \"python-devel-2.7.5-58.el7.cgslv5.0.1.g6d96868\",\n \"python-libs-2.7.5-58.el7.cgslv5.0.1.g6d96868\",\n \"python-test-2.7.5-58.el7.cgslv5.0.1.g6d96868\",\n \"python-tools-2.7.5-58.el7.cgslv5.0.1.g6d96868\",\n \"tkinter-2.7.5-58.el7.cgslv5.0.1.g6d96868\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-10T14:50:45", "description": "It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files.\n(CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04.\n(CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This update adds the '-R' command line option and honors setting the PYTHONHASHSEED environment variable to 'random' to salt str and datetime objects with an unpredictable value.\n(CVE-2012-1150).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-10-05T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 : python2.6 vulnerabilities (USN-1596-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2010-1634", "CVE-2010-2089", "CVE-2010-3493", "CVE-2011-1015", "CVE-2011-1521", "CVE-2011-4940", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-1150"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python2.6", "p-cpe:/a:canonical:ubuntu_linux:python2.6-minimal", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1596-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62436", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1596-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62436);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\", \"CVE-2011-4940\", \"CVE-2011-4944\", \"CVE-2012-0845\", \"CVE-2012-1150\");\n script_xref(name:\"USN\", value:\"1596-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 : python2.6 vulnerabilities (USN-1596-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Python would prepend an empty string to\nsys.path under certain circumstances. A local attacker with write\naccess to the current working directory could exploit this to execute\narbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform\ninput validation. If a user or automated system were tricked into\nopening a crafted audio file, an attacker could cause a denial of\nservice via application crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd\nmodule. A remote attacker could exploit this to cause a denial of\nservice via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly\nperform input validation on certain HTTP GET requests. A remote\nattacker could potentially obtain access to CGI script source files.\n(CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would\nprocess Location headers that specify a redirection to file: URLs. A\nremote attacker could exploit this to obtain sensitive information or\ncause a denial of service. This issue only affected Ubuntu 11.04.\n(CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset\nparameter in the Content-Type HTTP header. An attacker could\npotentially exploit this to conduct cross-site scripting (XSS) attacks\nagainst Internet Explorer 7 users. This issue only affected Ubuntu\n11.04. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition\nwhen creating the ~/.pypirc file. A local attacker could exploit this\nto obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate\nits input when handling HTTP POST requests. A remote attacker could\nexploit this to cause a denial of service via excessive CPU\nutilization. (CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm\nattacks. An attacker could cause a denial of service under certian\ncircumstances. This update adds the '-R' command line option and\nhonors setting the PYTHONHASHSEED environment variable to 'random' to\nsalt str and datetime objects with an unpredictable value.\n(CVE-2012-1150).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1596-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python2.6 and / or python2.6-minimal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.6-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python2.6\", pkgver:\"2.6.5-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python2.6-minimal\", pkgver:\"2.6.5-1ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"python2.6\", pkgver:\"2.6.6-6ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"python2.6-minimal\", pkgver:\"2.6.6-6ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"python2.6\", pkgver:\"2.6.7-4ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"python2.6-minimal\", pkgver:\"2.6.7-4ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2.6 / python2.6-minimal\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-10T14:50:46", "description": "USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4.\n\nIt was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash.\n(CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service.\n(CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information.\n(CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources.\n(CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources.\n(CVE-2012-1148).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-10-18T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS : python2.4 vulnerabilities (USN-1613-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2010-1634", "CVE-2010-2089", "CVE-2010-3493", "CVE-2011-1015", "CVE-2011-1521", "CVE-2011-4940", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-0876", "CVE-2012-1148"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python2.4", "p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1613-2.NASL", "href": "https://www.tenable.com/plugins/nessus/62620", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1613-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62620);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\", \"CVE-2011-4940\", \"CVE-2011-4944\", \"CVE-2012-0845\", \"CVE-2012-0876\", \"CVE-2012-1148\");\n script_xref(name:\"USN\", value:\"1613-2\");\n\n script_name(english:\"Ubuntu 8.04 LTS : python2.4 vulnerabilities (USN-1613-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides\nthe corresponding updates for Python 2.4.\n\nIt was discovered that Python would prepend an empty string to\nsys.path under certain circumstances. A local attacker with write\naccess to the current working directory could exploit this to execute\narbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly\nperform input validation. If a user or automated system were\ntricked into opening a crafted audio file, an attacker could\ncause a denial of service via application crash.\n(CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the\nsmtpd module. A remote attacker could exploit this to cause\na denial of service via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not\nproperly perform input validation on certain HTTP GET\nrequests. A remote attacker could potentially obtain access\nto CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules\nwould process Location headers that specify a redirection to\nfile: URLs. A remote attacker could exploit this to obtain\nsensitive information or cause a denial of service.\n(CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a\ncharset parameter in the Content-Type HTTP header. An\nattacker could potentially exploit this to conduct\ncross-site scripting (XSS) attacks against Internet Explorer\n7 users. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race\ncondition when creating the ~/.pypirc file. A local attacker\ncould exploit this to obtain sensitive information.\n(CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly\nvalidate its input when handling HTTP POST requests. A\nremote attacker could exploit this to cause a denial of\nservice via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5\ncomputed hash values without restricting the ability to\ntrigger hash collisions predictably. If a user or\napplication using pyexpat were tricked into opening a\ncrafted XML file, an attacker could cause a denial of\nservice by consuming excessive CPU resources.\n(CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did\nnot properly handle memory reallocation when processing XML\nfiles. If a user or application using pyexpat were tricked\ninto opening a crafted XML file, an attacker could cause a\ndenial of service by consuming excessive memory resources.\n(CVE-2012-1148).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1613-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python2.4 and / or python2.4-minimal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4\", pkgver:\"2.4.5-1ubuntu4.4\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.5-1ubuntu4.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2.4 / python2.4-minimal\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-10T14:51:23", "description": "It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files.\n(CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2012-10-18T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS : python2.5 vulnerabilities (USN-1613-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2010-1634", "CVE-2010-2089", "CVE-2010-3493", "CVE-2011-1015", "CVE-2011-1521", "CVE-2011-4940", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-0876", "CVE-2012-1148"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python2.5", "p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1613-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62619", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1613-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62619);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\", \"CVE-2011-4940\", \"CVE-2011-4944\", \"CVE-2012-0845\", \"CVE-2012-0876\", \"CVE-2012-1148\");\n script_xref(name:\"USN\", value:\"1613-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS : python2.5 vulnerabilities (USN-1613-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Python would prepend an empty string to\nsys.path under certain circumstances. A local attacker with write\naccess to the current working directory could exploit this to execute\narbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform\ninput validation. If a user or automated system were tricked into\nopening a crafted audio file, an attacker could cause a denial of\nservice via application crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd\nmodule. A remote attacker could exploit this to cause a denial of\nservice via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly\nperform input validation on certain HTTP GET requests. A remote\nattacker could potentially obtain access to CGI script source files.\n(CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would\nprocess Location headers that specify a redirection to file: URLs. A\nremote attacker could exploit this to obtain sensitive information or\ncause a denial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset\nparameter in the Content-Type HTTP header. An attacker could\npotentially exploit this to conduct cross-site scripting (XSS) attacks\nagainst Internet Explorer 7 users. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition\nwhen creating the ~/.pypirc file. A local attacker could exploit this\nto obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate\nits input when handling HTTP POST requests. A remote attacker could\nexploit this to cause a denial of service via excessive CPU\nutilization. (CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash\nvalues without restricting the ability to trigger hash collisions\npredictably. If a user or application using pyexpat were tricked into\nopening a crafted XML file, an attacker could cause a denial of\nservice by consuming excessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not\nproperly handle memory reallocation when processing XML files. If a\nuser or application using pyexpat were tricked into opening a crafted\nXML file, an attacker could cause a denial of service by consuming\nexcessive memory resources. (CVE-2012-1148).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1613-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python2.5 and / or python2.5-minimal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5\", pkgver:\"2.5.2-2ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.2-2ubuntu6.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2.5 / python2.5-minimal\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-04-06T11:39:09", "description": "The remote host is missing updates announced in\nadvisory GLSA 200904-06.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200904-06 (eog)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5987", "CVE-2008-5983"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063800", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063800", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An untrusted search path vulnerability in the Eye of GNOME might result in\nthe execution of arbitrary code.\";\ntag_solution = \"All Eye of GNOME users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/eog-2.22.3-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200904-06\nhttp://bugs.gentoo.org/show_bug.cgi?id=257002\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200904-06.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63800\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2008-5987\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200904-06 (eog)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-gfx/eog\", unaffected: make_list(\"ge 2.22.3-r3\"), vulnerable: make_list(\"lt 2.22.3-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:44", "description": "The remote host is missing updates announced in\nadvisory GLSA 200904-06.", "cvss3": {}, "published": "2009-04-15T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200904-06 (eog)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5987", "CVE-2008-5983"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63800", "href": "http://plugins.openvas.org/nasl.php?oid=63800", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An untrusted search path vulnerability in the Eye of GNOME might result in\nthe execution of arbitrary code.\";\ntag_solution = \"All Eye of GNOME users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-gfx/eog-2.22.3-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200904-06\nhttp://bugs.gentoo.org/show_bug.cgi?id=257002\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200904-06.\";\n\n \n \n\nif(description)\n{\n script_id(63800);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-15 22:11:00 +0200 (Wed, 15 Apr 2009)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2008-5987\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200904-06 (eog)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-gfx/eog\", unaffected: make_list(\"ge 2.22.3-r3\"), vulnerable: make_list(\"lt 2.22.3-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:15", "description": "The remote host is missing an update to eog\nannounced via advisory MDVSA-2009:063.", "cvss3": {}, "published": "2009-03-07T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:063 (eog)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5987"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:63480", "href": "http://plugins.openvas.org/nasl.php?oid=63480", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_063.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:063 (eog)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python has a variable called sys.path that contains all paths where\nPython loads modules by using import scripting procedure. A wrong\nhandling of that variable enables local attackers to execute arbitrary\ncode via Python scripting in the current eog working directory\n(CVE-2008-5987).\n\nThis update provides fix for that vulnerability.\n\nAffected: 2008.1, 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:063\";\ntag_summary = \"The remote host is missing an update to eog\nannounced via advisory MDVSA-2009:063.\";\n\n \n\nif(description)\n{\n script_id(63480);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-07 21:47:03 +0100 (Sat, 07 Mar 2009)\");\n script_cve_id(\"CVE-2008-5987\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:063 (eog)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"eog\", rpm:\"eog~2.22.0~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"eog-devel\", rpm:\"eog-devel~2.22.0~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"eog\", rpm:\"eog~2.24.0~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"eog-devel\", rpm:\"eog-devel~2.24.0~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:43", "description": "The remote host is missing an update to eog\nannounced via advisory MDVSA-2009:063.", "cvss3": {}, "published": "2009-03-07T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:063 (eog)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5987"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063480", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063480", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_063.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:063 (eog)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python has a variable called sys.path that contains all paths where\nPython loads modules by using import scripting procedure. A wrong\nhandling of that variable enables local attackers to execute arbitrary\ncode via Python scripting in the current eog working directory\n(CVE-2008-5987).\n\nThis update provides fix for that vulnerability.\n\nAffected: 2008.1, 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:063\";\ntag_summary = \"The remote host is missing an update to eog\nannounced via advisory MDVSA-2009:063.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63480\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-07 21:47:03 +0100 (Sat, 07 Mar 2009)\");\n script_cve_id(\"CVE-2008-5987\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:063 (eog)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"eog\", rpm:\"eog~2.22.0~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"eog-devel\", rpm:\"eog-devel~2.22.0~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"eog\", rpm:\"eog~2.24.0~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"eog-devel\", rpm:\"eog-devel~2.24.0~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:56", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-02-18T00:00:00", "type": "openvas", "title": "FreeBSD Ports: dia", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5984", "CVE-2008-5983"], "modified": "2016-12-21T00:00:00", "id": "OPENVAS:63415", "href": "http://plugins.openvas.org/nasl.php?oid=63415", "sourceData": "#\n#VID 25eb365c-fd11-11dd-8424-c213de35965d\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 25eb365c-fd11-11dd-8424-c213de35965d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: dia\n\nCVE-2008-5984\nUntrusted search path vulnerability in the Python plugin in Dia\n0.96.1, and possibly other versions, allows local users to execute\narbitrary code via a Trojan horse Python file in the current working\ndirectory, related to a vulnerability in the PySys_SetArgv function\n(CVE-2008-5983).\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/33672\nhttp://www.vuxml.org/freebsd/25eb365c-fd11-11dd-8424-c213de35965d.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(63415);\n script_version(\"$Revision: 4824 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-21 09:49:38 +0100 (Wed, 21 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2008-5984\");\n script_bugtraq_id(33448);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: dia\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"dia\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.96.1_6,1\")<0) {\n txt += 'Package dia version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:27", "description": "The remote host is missing updates announced in\nadvisory GLSA 200903-41.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200903-41 (gedit)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0314", "CVE-2008-5983"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63738", "href": "http://plugins.openvas.org/nasl.php?oid=63738", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in gedit might allow local attackers to execute arbitrary\ncode.\";\ntag_solution = \"All gedit 2.22.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-editors/gedit-2.22.3-r1'\n\nAll gedit 2.24.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-editors/gedit-2.24.3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-41\nhttp://bugs.gentoo.org/show_bug.cgi?id=257004\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200903-41.\";\n\n \n \n\nif(description)\n{\n script_id(63738);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2009-0314\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200903-41 (gedit)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-editors/gedit\", unaffected: make_list(\"rge 2.22.3-r1\", \"ge 2.24.3\"), vulnerable: make_list(\"lt 2.24.3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:32", "description": "The remote host is missing an update to gnumeric\nannounced via advisory FEDORA-2009-1289.", "cvss3": {}, "published": "2009-02-10T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-1289 (gnumeric)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0318", "CVE-2008-5983"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063330", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063330", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1289.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1289 (gnumeric)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Gnumeric is a spreadsheet program for the GNOME GUI desktop\nenvironment.\n\nChangeLog:\n\n* Fri Jan 30 2009 Huzaifa Sidhpurwala 1:1.8.2-6\n- Resolves CVE-2008-5983\n- Version bump to match the rawhide version\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update gnumeric' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1289\";\ntag_summary = \"The remote host is missing an update to gnumeric\nannounced via advisory FEDORA-2009-1289.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63330\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-10 15:52:40 +0100 (Tue, 10 Feb 2009)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2009-0318\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-1289 (gnumeric)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=481572\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gnumeric\", rpm:\"gnumeric~1.8.2~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnumeric-devel\", rpm:\"gnumeric-devel~1.8.2~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnumeric-plugins-extras\", rpm:\"gnumeric-plugins-extras~1.8.2~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnumeric-debuginfo\", rpm:\"gnumeric-debuginfo~1.8.2~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:09", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-03-13T00:00:00", "type": "openvas", "title": "FreeBSD Ports: epiphany", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5985", "CVE-2008-5983"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063564", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063564", "sourceData": "#\n#VID e848a92f-0e7d-11de-92de-000bcdc1757a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e848a92f-0e7d-11de-92de-000bcdc1757a\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: epiphany\n\nCVE-2008-5985\nUntrusted search path vulnerability in the Python interface in\nEpiphany 2.22.3, and possibly other versions, allows local users to\nexecute arbitrary code via a Trojan horse Python file in the current\nworking directory, related to a vulnerability in the PySys_SetArgv\nfunction (CVE-2008-5983).\n\nCVE-2008-5983\nUntrusted search path vulnerability in the PySys_SetArgv API function\nin Python 2.6 and earlier, and possibly later versions, prepends an\nempty string to sys.path when the argv[0] argument does not contain a\npath separator, which might allow local users to execute arbitrary\ncode via a Trojan horse Python file in the current working directory.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63564\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-13 19:24:56 +0100 (Fri, 13 Mar 2009)\");\n script_cve_id(\"CVE-2008-5985\", \"CVE-2008-5983\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: epiphany\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"epiphany\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.24.2.1\")<0) {\n txt += 'Package epiphany version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:16", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-02-18T00:00:00", "type": "openvas", "title": "FreeBSD Ports: dia", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5984", "CVE-2008-5983"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063415", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063415", "sourceData": "#\n#VID 25eb365c-fd11-11dd-8424-c213de35965d\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 25eb365c-fd11-11dd-8424-c213de35965d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: dia\n\nCVE-2008-5984\nUntrusted search path vulnerability in the Python plugin in Dia\n0.96.1, and possibly other versions, allows local users to execute\narbitrary code via a Trojan horse Python file in the current working\ndirectory, related to a vulnerability in the PySys_SetArgv function\n(CVE-2008-5983).\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/33672\nhttp://www.vuxml.org/freebsd/25eb365c-fd11-11dd-8424-c213de35965d.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63415\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2008-5984\");\n script_bugtraq_id(33448);\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: dia\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"dia\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.96.1_6,1\")<0) {\n txt += 'Package dia version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:22", "description": "The remote host is missing updates announced in\nadvisory GLSA 200903-41.", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200903-41 (gedit)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0314", "CVE-2008-5983"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063738", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063738", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability in gedit might allow local attackers to execute arbitrary\ncode.\";\ntag_solution = \"All gedit 2.22.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-editors/gedit-2.22.3-r1'\n\nAll gedit 2.24.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-editors/gedit-2.24.3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-41\nhttp://bugs.gentoo.org/show_bug.cgi?id=257004\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200903-41.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63738\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-06 20:58:11 +0200 (Mon, 06 Apr 2009)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2009-0314\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200903-41 (gedit)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-editors/gedit\", unaffected: make_list(\"rge 2.22.3-r1\", \"ge 2.24.3\"), vulnerable: make_list(\"lt 2.24.3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:55", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-03-13T00:00:00", "type": "openvas", "title": "FreeBSD Ports: epiphany", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5985", "CVE-2008-5983"], "modified": "2016-12-21T00:00:00", "id": "OPENVAS:63564", "href": "http://plugins.openvas.org/nasl.php?oid=63564", "sourceData": "#\n#VID e848a92f-0e7d-11de-92de-000bcdc1757a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID e848a92f-0e7d-11de-92de-000bcdc1757a\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: epiphany\n\nCVE-2008-5985\nUntrusted search path vulnerability in the Python interface in\nEpiphany 2.22.3, and possibly other versions, allows local users to\nexecute arbitrary code via a Trojan horse Python file in the current\nworking directory, related to a vulnerability in the PySys_SetArgv\nfunction (CVE-2008-5983).\n\nCVE-2008-5983\nUntrusted search path vulnerability in the PySys_SetArgv API function\nin Python 2.6 and earlier, and possibly later versions, prepends an\nempty string to sys.path when the argv[0] argument does not contain a\npath separator, which might allow local users to execute arbitrary\ncode via a Trojan horse Python file in the current working directory.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\n\nif(description)\n{\n script_id(63564);\n script_version(\"$Revision: 4824 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-21 09:49:38 +0100 (Wed, 21 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-13 19:24:56 +0100 (Fri, 13 Mar 2009)\");\n script_cve_id(\"CVE-2008-5985\", \"CVE-2008-5983\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: epiphany\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"epiphany\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.24.2.1\")<0) {\n txt += 'Package epiphany version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:50", "description": "The remote host is missing an update to gnumeric\nannounced via advisory FEDORA-2009-1289.", "cvss3": {}, "published": "2009-02-10T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-1289 (gnumeric)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-0318", "CVE-2008-5983"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63330", "href": "http://plugins.openvas.org/nasl.php?oid=63330", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1289.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1289 (gnumeric)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Gnumeric is a spreadsheet program for the GNOME GUI desktop\nenvironment.\n\nChangeLog:\n\n* Fri Jan 30 2009 Huzaifa Sidhpurwala 1:1.8.2-6\n- Resolves CVE-2008-5983\n- Version bump to match the rawhide version\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update gnumeric' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1289\";\ntag_summary = \"The remote host is missing an update to gnumeric\nannounced via advisory FEDORA-2009-1289.\";\n\n\n\nif(description)\n{\n script_id(63330);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-10 15:52:40 +0100 (Tue, 10 Feb 2009)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2009-0318\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-1289 (gnumeric)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=481572\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gnumeric\", rpm:\"gnumeric~1.8.2~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnumeric-devel\", rpm:\"gnumeric-devel~1.8.2~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnumeric-plugins-extras\", rpm:\"gnumeric-plugins-extras~1.8.2~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnumeric-debuginfo\", rpm:\"gnumeric-debuginfo~1.8.2~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:53", "description": "Check for the Version of python3", "cvss3": {}, "published": "2010-09-07T00:00:00", "type": "openvas", "title": "Fedora Update for python3 FEDORA-2010-13388", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2089", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2017-12-13T00:00:00", "id": "OPENVAS:862373", "href": "http://plugins.openvas.org/nasl.php?oid=862373", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2010-13388\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"python3 on Fedora 13\";\ntag_insight = \"Python 3 is a new version of the language that is incompatible with the 2.x\n line of releases. The language is mostly the same, but many details, especially\n how built-in objects like dictionaries and strings work, have changed\n considerably, and a lot of deprecated features have finally been removed.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047008.html\");\n script_id(862373);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 15:09:12 +0200 (Tue, 07 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13388\");\n script_cve_id(\"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2008-5983\");\n script_name(\"Fedora Update for python3 FEDORA-2010-13388\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.1.2~7.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:58:25", "description": "Check for the Version of python", "cvss3": {}, "published": "2010-07-06T00:00:00", "type": "openvas", "title": "Fedora Update for python FEDORA-2010-9565", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2089", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2017-12-15T00:00:00", "id": "OPENVAS:862218", "href": "http://plugins.openvas.org/nasl.php?oid=862218", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2010-9565\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language often compared to Tcl, Perl, Scheme or Java. Python includes\n modules, classes, exceptions, very high level dynamic data types and\n dynamic typing. Python supports interfaces to many system calls and\n libraries, as well as to various windowing systems (X11, Motif, Tk,\n Mac and MFC).\n\n Programmers can write new built-in modules for Python in C or C++.\n Python can be used as an extension language for applications that need\n a programmable interface. This package contains most of the standard\n Python modules, as well as modules for interfacing to the Tix widget\n set for Tk and RPM.\n \n Note that documentation for Python is provided in the python-docs\n package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"python on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043726.html\");\n script_id(862218);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-06 10:05:18 +0200 (Tue, 06 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-9565\");\n script_cve_id(\"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2008-5983\");\n script_name(\"Fedora Update for python FEDORA-2010-9565\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.6.2~8.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:18:25", "description": "Check for the Version of python", "cvss3": {}, "published": "2010-06-18T00:00:00", "type": "openvas", "title": "Fedora Update for python FEDORA-2010-9652", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2089", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:862160", "href": "http://plugins.openvas.org/nasl.php?oid=862160", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2010-9652\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language often compared to Tcl, Perl, Scheme or Java. Python includes\n modules, classes, exceptions, very high level dynamic data types and\n dynamic typing. Python supports interfaces to many system calls and\n libraries, as well as to various windowing systems (X11, Motif, Tk,\n Mac and MFC).\n\n Programmers can write new built-in modules for Python in C or C++.\n Python can be used as an extension language for applications that need\n a programmable interface. This package contains most of the standard\n Python modules, as well as modules for interfacing to the Tix widget\n set for Tk and RPM.\n \n Note that documentation for Python is provided in the python-docs\n package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"python on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html\");\n script_id(862160);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-18 17:26:33 +0200 (Fri, 18 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-9652\");\n script_cve_id(\"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2008-5983\");\n script_name(\"Fedora Update for python FEDORA-2010-9652\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.6.4~27.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-17T11:05:45", "description": "Check for the Version of python", "cvss3": {}, "published": "2010-06-18T00:00:00", "type": "openvas", "title": "Fedora Update for python FEDORA-2010-9652", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2089", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2018-01-16T00:00:00", "id": "OPENVAS:1361412562310862160", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862160", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2010-9652\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language often compared to Tcl, Perl, Scheme or Java. Python includes\n modules, classes, exceptions, very high level dynamic data types and\n dynamic typing. Python supports interfaces to many system calls and\n libraries, as well as to various windowing systems (X11, Motif, Tk,\n Mac and MFC).\n\n Programmers can write new built-in modules for Python in C or C++.\n Python can be used as an extension language for applications that need\n a programmable interface. This package contains most of the standard\n Python modules, as well as modules for interfacing to the Tix widget\n set for Tk and RPM.\n \n Note that documentation for Python is provided in the python-docs\n package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"python on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862160\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-18 17:26:33 +0200 (Fri, 18 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-9652\");\n script_cve_id(\"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2008-5983\");\n script_name(\"Fedora Update for python FEDORA-2010-9652\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.6.4~27.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:43", "description": "Check for the Version of python3", "cvss3": {}, "published": "2010-09-07T00:00:00", "type": "openvas", "title": "Fedora Update for python3 FEDORA-2010-13388", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2089", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2017-12-26T00:00:00", "id": "OPENVAS:1361412562310862373", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862373", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2010-13388\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"python3 on Fedora 13\";\ntag_insight = \"Python 3 is a new version of the language that is incompatible with the 2.x\n line of releases. The language is mostly the same, but many details, especially\n how built-in objects like dictionaries and strings work, have changed\n considerably, and a lot of deprecated features have finally been removed.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047008.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862373\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 15:09:12 +0200 (Tue, 07 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13388\");\n script_cve_id(\"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2008-5983\");\n script_name(\"Fedora Update for python3 FEDORA-2010-13388\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.1.2~7.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-08T12:54:40", "description": "Check for the Version of python", "cvss3": {}, "published": "2010-07-06T00:00:00", "type": "openvas", "title": "Fedora Update for python FEDORA-2010-9565", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-2089", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2018-01-05T00:00:00", "id": "OPENVAS:1361412562310862218", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862218", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2010-9565\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language often compared to Tcl, Perl, Scheme or Java. Python includes\n modules, classes, exceptions, very high level dynamic data types and\n dynamic typing. Python supports interfaces to many system calls and\n libraries, as well as to various windowing systems (X11, Motif, Tk,\n Mac and MFC).\n\n Programmers can write new built-in modules for Python in C or C++.\n Python can be used as an extension language for applications that need\n a programmable interface. This package contains most of the standard\n Python modules, as well as modules for interfacing to the Tix widget\n set for Tk and RPM.\n \n Note that documentation for Python is provided in the python-docs\n package.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"python on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043726.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862218\");\n script_version(\"$Revision: 8296 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 08:28:01 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-06 10:05:18 +0200 (Tue, 06 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-9565\");\n script_cve_id(\"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2008-5983\");\n script_name(\"Fedora Update for python FEDORA-2010-9565\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.6.2~8.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:53", "description": "Oracle Linux Local Security Checks ELSA-2011-0027", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0027", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1449", "CVE-2010-1450", "CVE-2010-2089", "CVE-2008-5983", "CVE-2010-1634", "CVE-2009-4134"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122278", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122278", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0027.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122278\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:15:51 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0027\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0027 - python security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0027\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0027.html\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-1634\", \"CVE-2010-2089\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~43.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~43.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~43.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~43.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~43.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-27T10:55:13", "description": "Check for the Version of python", "cvss3": {}, "published": "2011-01-14T00:00:00", "type": "openvas", "title": "RedHat Update for python RHSA-2011:0027-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1449", "CVE-2010-1450", "CVE-2010-2089", "CVE-2008-5983", "CVE-2010-1634", "CVE-2009-4134"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870377", "href": "http://plugins.openvas.org/nasl.php?oid=870377", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2011:0027-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n It was found that many applications embedding the Python interpreter did\n not specify a valid full path to the script or application when calling the\n PySys_SetArgv API function, which could result in the addition of the\n current working directory to the module search path (sys.path). A local\n attacker able to trick a victim into running such an application in an\n attacker-controlled directory could use this flaw to execute code with the\n victim's privileges. This update adds the PySys_SetArgvEx API. Developers\n can modify their applications to use this new API, which sets sys.argv\n without modifying sys.path. (CVE-2008-5983)\n \n Multiple flaws were found in the Python rgbimg module. If an application\n written in Python was using the rgbimg module and loaded a\n specially-crafted SGI image file, it could cause the application to crash\n or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)\n \n Multiple flaws were found in the Python audioop module. Supplying certain\n inputs could cause the audioop module to crash or, possibly, execute\n arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n \n This update also fixes the following bugs:\n \n * When starting a child process from the subprocess module in Python 2.4,\n the parent process could leak file descriptors if an error occurred. This\n update resolves the issue. (BZ#609017)\n \n * Prior to Python 2.7, programs that used "ulimit -n" to enable\n communication with large numbers of subprocesses could still monitor only\n 1024 file descriptors at a time, which caused an exception:\n \n ValueError: filedescriptor out of range in select()\n \n This was due to the subprocess module using the "select" system call. The\n module now uses the "poll" system call, removing this limitation.\n (BZ#609020)\n \n * Prior to Python 2.5, the tarfile module failed to unpack tar files if the\n path was longer than 100 characters. This update backports the tarfile\n module from Python 2.5 and the issue no longer occurs. (BZ#263401)\n \n * The email module incorrectly implemented the logic for obtaining\n attachment file names: the get_filename() fallback for using the deprecated\n "name" parameter of the "Content-Type" header erroneously used the\n "Content-Disposition" header. This update backports a fix from Python 2.6,\n which resolves this issue. (BZ#644147)\n \n * Prior to version 2.5, Python's ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"python on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-January/msg00008.html\");\n script_id(870377);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 16:07:43 +0100 (Fri, 14 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:0027-01\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-1634\", \"CVE-2010-2089\");\n script_name(\"RedHat Update for python RHSA-2011:0027-01\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~43.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.4.3~43.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~43.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~43.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~43.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~43.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-01-14T00:00:00", "type": "openvas", "title": "RedHat Update for python RHSA-2011:0027-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-1449", "CVE-2010-1450", "CVE-2010-2089", "CVE-2008-5983", "CVE-2010-1634", "CVE-2009-4134"], "modified": "2019-03-12T00:00:00", "id": "OPENVAS:1361412562310870377", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870377", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2011:0027-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-January/msg00008.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870377\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-14 16:07:43 +0100 (Fri, 14 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:0027-01\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-1634\", \"CVE-2010-2089\");\n script_name(\"RedHat Update for python RHSA-2011:0027-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"python on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive, object-oriented programming\n language.\n\n It was found that many applications embedding the Python interpreter did\n not specify a valid full path to the script or application when calling the\n PySys_SetArgv API function, which could result in the addition of the\n current working directory to the module search path (sys.path). A local\n attacker able to trick a victim into running such an application in an\n attacker-controlled directory could use this flaw to execute code with the\n victim's privileges. This update adds the PySys_SetArgvEx API. Developers\n can modify their applications to use this new API, which sets sys.argv\n without modifying sys.path. (CVE-2008-5983)\n\n Multiple flaws were found in the Python rgbimg module. If an application\n written in Python was using the rgbimg module and loaded a\n specially-crafted SGI image file, it could cause the application to crash\n or, possibly, execute arbitrary code with the privileges of the user\n running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)\n\n Multiple flaws were found in the Python audioop module. Supplying certain\n inputs could cause the audioop module to crash or, possibly, execute\n arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\n This update also fixes the following bugs:\n\n * When starting a child process from the subprocess module in Python 2.4,\n the parent process could leak file descriptors if an error occurred. This\n update resolves the issue. (BZ#609017)\n\n * Prior to Python 2.7, programs that used 'ulimit -n' to enable\n communication with large numbers of subprocesses could still monitor only\n 1024 file descriptors at a time, which caused an exception:\n\n ValueError: filedescriptor out of range in select()\n\n This was due to the subprocess module using the 'select' system call. The\n module now uses the 'poll' system call, removing this limitation.\n (BZ#609020)\n\n * Prior to Python 2.5, the tarfile module failed to unpack tar files if the\n path was longer than 100 characters. This update backports the tarfile\n module from Python 2.5 and the issue no longer occurs. (BZ#263401)\n\n * The email module incorrectly implemented the logic for obtaining\n attachment file names: the get_filename() fallback for using the deprecated\n 'name' parameter of the 'Content-Type' header erroneously used the\n 'Content-Disposition' header. This update backports a fix from Python 2.6,\n which resolves this issue. (BZ#644147)\n\n * Prior to version 2.5, Python's ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~43.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.4.3~43.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~43.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~43.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~43.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~43.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:20:20", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1616-1", "cvss3": {}, "published": "2012-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for python3.1 USN-1616-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4944", "CVE-2012-1150", "CVE-2012-0845", "CVE-2012-2135", "CVE-2010-2089", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841199", "href": "http://plugins.openvas.org/nasl.php?oid=841199", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1616_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for python3.1 USN-1616-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Python would prepend an empty string to sys.path\n under certain circumstances. A local attacker with write access to the\n current working directory could exploit this to execute arbitrary code.\n This issue only affected Ubuntu 10.04 LTS. (CVE-2008-5983)\n\n It was discovered that the audioop module did not correctly perform input\n validation. If a user or automatated system were tricked into opening a\n crafted audio file, an attacker could cause a denial of service via\n application crash. These issues only affected Ubuntu 10.04 LTS.\n (CVE-2010-1634, CVE-2010-2089)\n \n It was discovered that Python distutils contained a race condition when\n creating the ~/.pypirc file. A local attacker could exploit this to obtain\n sensitive information. (CVE-2011-4944)\n \n It was discovered that SimpleXMLRPCServer did not properly validate its\n input when handling HTTP POST requests. A remote attacker could exploit\n this to cause a denial of service via excessive CPU utilization.\n (CVE-2012-0845)\n \n It was discovered that Python was susceptible to hash algorithm attacks.\n An attacker could cause a denial of service under certain circumstances.\n This update adds the '-R' command line option and honors setting the\n PYTHONHASHSEED environment variable to 'random' to salt str and datetime\n objects with an unpredictable value. (CVE-2012-1150)\n \n Serhiy Storchaka discovered that the UTF16 decoder in Python did not\n properly reset internal variables after error handling. An attacker could\n exploit this to cause a denial of service via memory corruption.\n (CVE-2012-2135)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1616-1\";\ntag_affected = \"python3.1 on Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1616-1/\");\n script_id(841199);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-26 09:50:43 +0530 (Fri, 26 Oct 2012)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2011-4944\", \"CVE-2012-0845\", \"CVE-2012-1150\", \"CVE-2012-2135\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1616-1\");\n script_name(\"Ubuntu Update for python3.1 USN-1616-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python3.1\", ver:\"3.1.2-0ubuntu3.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.1-minimal\", ver:\"3.1.2-0ubuntu3.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python3.1\", ver:\"3.1.3-1ubuntu1.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.1-minimal\", ver:\"3.1.3-1ubuntu1.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:46", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1616-1", "cvss3": {}, "published": "2012-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for python3.1 USN-1616-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-4944", "CVE-2012-1150", "CVE-2012-0845", "CVE-2012-2135", "CVE-2010-2089", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841199", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841199", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1616_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for python3.1 USN-1616-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1616-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841199\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-26 09:50:43 +0530 (Fri, 26 Oct 2012)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2011-4944\", \"CVE-2012-0845\", \"CVE-2012-1150\", \"CVE-2012-2135\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1616-1\");\n script_name(\"Ubuntu Update for python3.1 USN-1616-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1616-1\");\n script_tag(name:\"affected\", value:\"python3.1 on Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Python would prepend an empty string to sys.path\n under certain circumstances. A local attacker with write access to the\n current working directory could exploit this to execute arbitrary code.\n This issue only affected Ubuntu 10.04 LTS. (CVE-2008-5983)\n\n It was discovered that the audioop module did not correctly perform input\n validation. If a user or automatated system were tricked into opening a\n crafted audio file, an attacker could cause a denial of service via\n application crash. These issues only affected Ubuntu 10.04 LTS.\n (CVE-2010-1634, CVE-2010-2089)\n\n It was discovered that Python distutils contained a race condition when\n creating the ~/.pypirc file. A local attacker could exploit this to obtain\n sensitive information. (CVE-2011-4944)\n\n It was discovered that SimpleXMLRPCServer did not properly validate its\n input when handling HTTP POST requests. A remote attacker could exploit\n this to cause a denial of service via excessive CPU utilization.\n (CVE-2012-0845)\n\n It was discovered that Python was susceptible to hash algorithm attacks.\n An attacker could cause a denial of service under certain circumstances.\n This update adds the '-R' command line option and honors setting the\n PYTHONHASHSEED environment variable to 'random' to salt str and datetime\n objects with an unpredictable value. (CVE-2012-1150)\n\n Serhiy Storchaka discovered that the UTF16 decoder in Python did not\n properly reset internal variables after error handling. An attacker could\n exploit this to cause a denial of service via memory corruption.\n (CVE-2012-2135)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python3.1\", ver:\"3.1.2-0ubuntu3.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.1-minimal\", ver:\"3.1.2-0ubuntu3.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python3.1\", ver:\"3.1.3-1ubuntu1.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.1-minimal\", ver:\"3.1.3-1ubuntu1.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:19:44", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1596-1", "cvss3": {}, "published": "2012-10-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for python2.6 USN-1596-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2011-4944", "CVE-2012-1150", "CVE-2012-0845", "CVE-2010-2089", "CVE-2011-4940", "CVE-2011-1015", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841178", "href": "http://plugins.openvas.org/nasl.php?oid=841178", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1596_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for python2.6 USN-1596-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Python would prepend an empty string to sys.path\n under certain circumstances. A local attacker with write access to the\n current working directory could exploit this to execute arbitrary code.\n (CVE-2008-5983)\n\n It was discovered that the audioop module did not correctly perform input\n validation. If a user or automatated system were tricked into opening a\n crafted audio file, an attacker could cause a denial of service via\n application crash. (CVE-2010-1634, CVE-2010-2089)\n \n Giampaolo Rodola discovered several race conditions in the smtpd module.\n A remote attacker could exploit this to cause a denial of service via\n daemon outage. (CVE-2010-3493)\n \n It was discovered that the CGIHTTPServer module did properly perform\n input validation on certain HTTP GET requests. A remote attacker could\n potentially obtain access to CGI script source files. (CVE-2011-1015)\n \n Niels Heinen discovered that the urllib and urllib2 modules would process\n Location headers that specify a redirection to file: URLs. A remote\n attacker could exploit this to obtain sensitive information or cause a\n denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521)\n \n It was discovered that SimpleHTTPServer did not use a charset parameter in\n the Content-Type HTTP header. An attacker could potentially exploit this\n to conduct cross-site scripting (XSS) attacks against Internet Explorer 7\n users. This issue only affected Ubuntu 11.04. (CVE-2011-4940)\n \n It was discovered that Python distutils contained a race condition when\n creating the ~/.pypirc file. A local attacker could exploit this to obtain\n sensitive information. (CVE-2011-4944)\n \n It was discovered that SimpleXMLRPCServer did not properly validate its\n input when handling HTTP POST requests. A remote attacker could exploit\n this to cause a denial of service via excessive CPU utilization.\n (CVE-2012-0845)\n \n It was discovered that Python was susceptible to hash algorithm attacks.\n An attacker could cause a denial of service under certain circumstances.\n This updates adds the '-R' command line option and honors setting the\n PYTHONHASHSEED environment variable to 'random' to salt str and datetime\n objects with an unpredictable value. (CVE-2012-1150)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1596-1\";\ntag_affected = \"python2.6 on Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1596-1/\");\n script_id(841178);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-05 09:45:35 +0530 (Fri, 05 Oct 2012)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\",\n \"CVE-2011-1015\", \"CVE-2011-1521\", \"CVE-2011-4940\", \"CVE-2011-4944\",\n \"CVE-2012-0845\", \"CVE-2012-1150\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1596-1\");\n script_name(\"Ubuntu Update for python2.6 USN-1596-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.6\", ver:\"2.6.5-1ubuntu6.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.6-minimal\", ver:\"2.6.5-1ubuntu6.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.6\", ver:\"2.6.7-4ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.6-minimal\", ver:\"2.6.7-4ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.6\", ver:\"2.6.6-6ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.6-minimal\", ver:\"2.6.6-6ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:15", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1596-1", "cvss3": {}, "published": "2012-10-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for python2.6 USN-1596-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2011-4944", "CVE-2012-1150", "CVE-2012-0845", "CVE-2010-2089", "CVE-2011-4940", "CVE-2011-1015", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841178", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841178", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1596_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for python2.6 USN-1596-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1596-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841178\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-05 09:45:35 +0530 (Fri, 05 Oct 2012)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\",\n \"CVE-2011-1015\", \"CVE-2011-1521\", \"CVE-2011-4940\", \"CVE-2011-4944\",\n \"CVE-2012-0845\", \"CVE-2012-1150\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1596-1\");\n script_name(\"Ubuntu Update for python2.6 USN-1596-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1596-1\");\n script_tag(name:\"affected\", value:\"python2.6 on Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Python would prepend an empty string to sys.path\n under certain circumstances. A local attacker with write access to the\n current working directory could exploit this to execute arbitrary code.\n (CVE-2008-5983)\n\n It was discovered that the audioop module did not correctly perform input\n validation. If a user or automatated system were tricked into opening a\n crafted audio file, an attacker could cause a denial of service via\n application crash. (CVE-2010-1634, CVE-2010-2089)\n\n Giampaolo Rodola discovered several race conditions in the smtpd module.\n A remote attacker could exploit this to cause a denial of service via\n daemon outage. (CVE-2010-3493)\n\n It was discovered that the CGIHTTPServer module did properly perform\n input validation on certain HTTP GET requests. A remote attacker could\n potentially obtain access to CGI script source files. (CVE-2011-1015)\n\n Niels Heinen discovered that the urllib and urllib2 modules would process\n Location headers that specify a redirection to file: URLs. A remote\n attacker could exploit this to obtain sensitive information or cause a\n denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521)\n\n It was discovered that SimpleHTTPServer did not use a charset parameter in\n the Content-Type HTTP header. An attacker could potentially exploit this\n to conduct cross-site scripting (XSS) attacks against Internet Explorer 7\n users. This issue only affected Ubuntu 11.04. (CVE-2011-4940)\n\n It was discovered that Python distutils contained a race condition when\n creating the ~/.pypirc file. A local attacker could exploit this to obtain\n sensitive information. (CVE-2011-4944)\n\n It was discovered that SimpleXMLRPCServer did not properly validate its\n input when handling HTTP POST requests. A remote attacker could exploit\n this to cause a denial of service via excessive CPU utilization.\n (CVE-2012-0845)\n\n It was discovered that Python was susceptible to hash algorithm attacks.\n An attacker could cause a denial of service under certain circumstances.\n This updates adds the '-R' command line option and honors setting the\n PYTHONHASHSEED environment variable to 'random' to salt str and datetime\n objects with an unpredictable value. (CVE-2012-1150)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.6\", ver:\"2.6.5-1ubuntu6.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.6-minimal\", ver:\"2.6.5-1ubuntu6.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.6\", ver:\"2.6.7-4ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.6-minimal\", ver:\"2.6.7-4ubuntu1.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.6\", ver:\"2.6.6-6ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.6-minimal\", ver:\"2.6.6-6ubuntu7.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:20:12", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1613-1", "cvss3": {}, "published": "2012-10-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for python2.5 USN-1613-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3493", "CVE-2012-1148", "CVE-2011-1521", "CVE-2011-4944", "CVE-2012-0876", "CVE-2012-0845", "CVE-2010-2089", "CVE-2011-4940", "CVE-2011-1015", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841195", "href": "http://plugins.openvas.org/nasl.php?oid=841195", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1613_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for python2.5 USN-1613-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Python would prepend an empty string to sys.path\n under certain circumstances. A local attacker with write access to the\n current working directory could exploit this to execute arbitrary code.\n (CVE-2008-5983)\n\n It was discovered that the audioop module did not correctly perform input\n validation. If a user or automatated system were tricked into opening a\n crafted audio file, an attacker could cause a denial of service via\n application crash. (CVE-2010-1634, CVE-2010-2089)\n \n Giampaolo Rodola discovered several race conditions in the smtpd module.\n A remote attacker could exploit this to cause a denial of service via\n daemon outage. (CVE-2010-3493)\n \n It was discovered that the CGIHTTPServer module did not properly perform\n input validation on certain HTTP GET requests. A remote attacker could\n potentially obtain access to CGI script source files. (CVE-2011-1015)\n \n Niels Heinen discovered that the urllib and urllib2 modules would process\n Location headers that specify a redirection to file: URLs. A remote\n attacker could exploit this to obtain sensitive information or cause a\n denial of service. (CVE-2011-1521)\n \n It was discovered that SimpleHTTPServer did not use a charset parameter in\n the Content-Type HTTP header. An attacker could potentially exploit this\n to conduct cross-site scripting (XSS) attacks against Internet Explorer 7\n users. (CVE-2011-4940)\n \n It was discovered that Python distutils contained a race condition when\n creating the ~/.pypirc file. A local attacker could exploit this to obtain\n sensitive information. (CVE-2011-4944)\n \n It was discovered that SimpleXMLRPCServer did not properly validate its\n input when handling HTTP POST requests. A remote attacker could exploit\n this to cause a denial of service via excessive CPU utilization.\n (CVE-2012-0845)\n \n It was discovered that the Expat module in Python 2.5 computed hash values\n without restricting the ability to trigger hash collisions predictably. If\n a user or application using pyexpat were tricked into opening a crafted XML\n file, an attacker could cause a denial of service by consuming excessive\n CPU resources. (CVE-2012-0876)\n \n Tim Boddy discovered that the Expat module in Python 2.5 did not properly\n handle memory reallocation when processing XML files. If a user or\n application using pyexpat were tricked into opening a crafted XML file, an\n attacker could cause a denial of service by consuming excessive memory\n resources. (CVE-2012-1148)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1613-1\";\ntag_affected = \"python2.5 on Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1613-1/\");\n script_id(841195);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 09:53:57 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\",\n \"CVE-2011-1015\", \"CVE-2011-1521\", \"CVE-2011-4940\", \"CVE-2011-4944\",\n \"CVE-2012-0845\", \"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1613-1\");\n script_name(\"Ubuntu Update for python2.5 USN-1613-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.2-2ubuntu6.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.2-2ubuntu6.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:20:32", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1613-2", "cvss3": {}, "published": "2012-10-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for python2.4 USN-1613-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3493", "CVE-2012-1148", "CVE-2011-1521", "CVE-2011-4944", "CVE-2012-0876", "CVE-2012-0845", "CVE-2010-2089", "CVE-2011-4940", "CVE-2011-1015", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:841194", "href": "http://plugins.openvas.org/nasl.php?oid=841194", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1613_2.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for python2.4 USN-1613-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the\n corresponding updates for Python 2.4.\n\n Original advisory details:\n \n It was discovered that Python would prepend an empty string to sys.path\n under certain circumstances. A local attacker with write access to the\n current working directory could exploit this to execute arbitrary code.\n (CVE-2008-5983)\n \n It was discovered that the audioop module did not correctly perform input\n validation. If a user or automatated system were tricked into opening a\n crafted audio file, an attacker could cause a denial of service via\n application crash. (CVE-2010-1634, CVE-2010-2089)\n \n Giampaolo Rodola discovered several race conditions in the smtpd module.\n A remote attacker could exploit this to cause a denial of service via\n daemon outage. (CVE-2010-3493)\n \n It was discovered that the CGIHTTPServer module did not properly perform\n input validation on certain HTTP GET requests. A remote attacker could\n potentially obtain access to CGI script source files. (CVE-2011-1015)\n \n Niels Heinen discovered that the urllib and urllib2 modules would process\n Location headers that specify a redirection to file: URLs. A remote\n attacker could exploit this to obtain sensitive information or cause a\n denial of service. (CVE-2011-1521)\n \n It was discovered that SimpleHTTPServer did not use a charset parameter in\n the Content-Type HTTP header. An attacker could potentially exploit this\n to conduct cross-site scripting (XSS) attacks against Internet Explorer 7\n users. (CVE-2011-4940)\n \n It was discovered that Python distutils contained a race condition when\n creating the ~/.pypirc file. A local attacker could exploit this to obtain\n sensitive information. (CVE-2011-4944)\n \n It was discovered that SimpleXMLRPCServer did not properly validate its\n input when handling HTTP POST requests. A remote attacker could exploit\n this to cause a denial of service via excessive CPU utilization.\n (CVE-2012-0845)\n \n It was discovered that the Expat module in Python 2.5 computed hash values\n without restricting the ability to trigger hash collisions predictably. If\n a user or application using pyexpat were tricked into opening a crafted XML\n file, an attacker could cause a denial of service by consuming excessive\n CPU resources. (CVE-2012-0876)\n \n Tim Boddy discovered that the Expat module in Python 2.5 did not properly\n handle memory reallocation when processing XML files. If a user or\n application using pyexpat were tricked into opening a crafted XML file, an\n attacker could cause a denial of service by consuming excessive memory\n resources. (CVE-2012-1148)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1613-2\";\ntag_affected = \"python2.4 on Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1613-2/\");\n script_id(841194);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 09:53:38 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\",\n \"CVE-2011-1015\", \"CVE-2011-1521\", \"CVE-2011-4940\", \"CVE-2011-4944\",\n \"CVE-2012-0845\", \"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1613-2\");\n script_name(\"Ubuntu Update for python2.4 USN-1613-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.5-1ubuntu4.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.5-1ubuntu4.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:10", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1613-2", "cvss3": {}, "published": "2012-10-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for python2.4 USN-1613-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3493", "CVE-2012-1148", "CVE-2011-1521", "CVE-2011-4944", "CVE-2012-0876", "CVE-2012-0845", "CVE-2010-2089", "CVE-2011-4940", "CVE-2011-1015", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841194", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841194", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1613_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for python2.4 USN-1613-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1613-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841194\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 09:53:38 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\",\n \"CVE-2011-1015\", \"CVE-2011-1521\", \"CVE-2011-4940\", \"CVE-2011-4944\",\n \"CVE-2012-0845\", \"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1613-2\");\n script_name(\"Ubuntu Update for python2.4 USN-1613-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU8\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1613-2\");\n script_tag(name:\"affected\", value:\"python2.4 on Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the\n corresponding updates for Python 2.4.\n\n Original advisory details:\n\n It was discovered that Python would prepend an empty string to sys.path\n under certain circumstances. A local attacker with write access to the\n current working directory could exploit this to execute arbitrary code.\n (CVE-2008-5983)\n\n It was discovered that the audioop module did not correctly perform input\n validation. If a user or automatated system were tricked into opening a\n crafted audio file, an attacker could cause a denial of service via\n application crash. (CVE-2010-1634, CVE-2010-2089)\n\n Giampaolo Rodola discovered several race conditions in the smtpd module.\n A remote attacker could exploit this to cause a denial of service via\n daemon outage. (CVE-2010-3493)\n\n It was discovered that the CGIHTTPServer module did not properly perform\n input validation on certain HTTP GET requests. A remote attacker could\n potentially obtain access to CGI script source files. (CVE-2011-1015)\n\n Niels Heinen discovered that the urllib and urllib2 modules would process\n Location headers that specify a redirection to file: URLs. A remote\n attacker could exploit this to obtain sensitive information or cause a\n denial of service. (CVE-2011-1521)\n\n It was discovered that SimpleHTTPServer did not use a charset parameter in\n the Content-Type HTTP header. An attacker could potentially exploit this\n to conduct cross-site scripting (XSS) attacks against Internet Explorer 7\n users. (CVE-2011-4940)\n\n It was discovered that Python distutils contained a race condition when\n creating the ~/.pypirc file. A local attacker could exploit this to obtain\n sensitive information. (CVE-2011-4944)\n\n It was discovered that SimpleXMLRPCServer did not properly validate its\n input when handling HTTP POST requests. A remote attacker could exploit\n this to cause a denial of service via excessive CPU utilization.\n (CVE-2012-0845)\n\n It was discovered that the Expat module in Python 2.5 computed hash values\n without restricting the ability to trigger hash collisions predictably. If\n a user or application using pyexpat were tricked into opening a crafted XML\n file, an attacker could cause a denial of service by consuming excessive\n CPU resources. (CVE-2012-0876)\n\n Tim Boddy discovered that the Expat module in Python 2.5 did not properly\n handle memory reallocation when processing XML files. If a user or\n application using pyexpat were tricked into opening a crafted XML file, an\n attacker could cause a denial of service by consuming excessive memory\n resources. (CVE-2012-1148)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.5-1ubuntu4.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.5-1ubuntu4.4\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:42", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1613-1", "cvss3": {}, "published": "2012-10-19T00:00:00", "type": "openvas", "title": "Ubuntu Update for python2.5 USN-1613-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-3493", "CVE-2012-1148", "CVE-2011-1521", "CVE-2011-4944", "CVE-2012-0876", "CVE-2012-0845", "CVE-2010-2089", "CVE-2011-4940", "CVE-2011-1015", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310841195", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841195", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1613_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for python2.5 USN-1613-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1613-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841195\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-19 09:53:57 +0530 (Fri, 19 Oct 2012)\");\n script_cve_id(\"CVE-2008-5983\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\",\n \"CVE-2011-1015\", \"CVE-2011-1521\", \"CVE-2011-4940\", \"CVE-2011-4944\",\n \"CVE-2012-0845\", \"CVE-2012-0876\", \"CVE-2012-1148\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1613-1\");\n script_name(\"Ubuntu Update for python2.5 USN-1613-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU8\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1613-1\");\n script_tag(name:\"affected\", value:\"python2.5 on Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Python would prepend an empty string to sys.path\n under certain circumstances. A local attacker with write access to the\n current working directory could exploit this to execute arbitrary code.\n (CVE-2008-5983)\n\n It was discovered that the audioop module did not correctly perform input\n validation. If a user or automatated system were tricked into opening a\n crafted audio file, an attacker could cause a denial of service via\n application crash. (CVE-2010-1634, CVE-2010-2089)\n\n Giampaolo Rodola discovered several race conditions in the smtpd module.\n A remote attacker could exploit this to cause a denial of service via\n daemon outage. (CVE-2010-3493)\n\n It was discovered that the CGIHTTPServer module did not properly perform\n input validation on certain HTTP GET requests. A remote attacker could\n potentially obtain access to CGI script source files. (CVE-2011-1015)\n\n Niels Heinen discovered that the urllib and urllib2 modules would process\n Location headers that specify a redirection to file: URLs. A remote\n attacker could exploit this to obtain sensitive information or cause a\n denial of service. (CVE-2011-1521)\n\n It was discovered that SimpleHTTPServer did not use a charset parameter in\n the Content-Type HTTP header. An attacker could potentially exploit this\n to conduct cross-site scripting (XSS) attacks against Internet Explorer 7\n users. (CVE-2011-4940)\n\n It was discovered that Python distutils contained a race condition when\n creating the ~/.pypirc file. A local attacker could exploit this to obtain\n sensitive information. (CVE-2011-4944)\n\n It was discovered that SimpleXMLRPCServer did not properly validate its\n input when handling HTTP POST requests. A remote attacker could exploit\n this to cause a denial of service via excessive CPU utilization.\n (CVE-2012-0845)\n\n It was discovered that the Expat module in Python 2.5 computed hash values\n without restricting the ability to trigger hash collisions predictably. If\n a user or application using pyexpat were tricked into opening a crafted XML\n file, an attacker could cause a denial of service by consuming excessive\n CPU resources. (CVE-2012-0876)\n\n Tim Boddy discovered that the Expat module in Python 2.5 did not properly\n handle memory reallocation when processing XML files. If a user or\n application using pyexpat were tricked into opening a crafted XML file, an\n attacker could cause a denial of service by consuming excessive memory\n resources. (CVE-2012-1148)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.2-2ubuntu6.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.2-2ubuntu6.2\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:14:24", "description": "### Background\n\nThe Eye of GNOME is the official image viewer for the GNOME Desktop environment. \n\n### Description\n\nJames Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in the Eye of GNOME, a vulnerabiliy related to CVE-2008-5983. \n\n### Impact\n\nA local attacker could entice a user to run the Eye of GNOME from a directory containing a specially crafted python module, resulting in the execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nDo not run \"eog\" from untrusted working directories. \n\n### Resolution\n\nAll Eye of GNOME users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-gfx/eog-2.22.3-r3\"", "cvss3": {}, "published": "2009-04-06T00:00:00", "type": "gentoo", "title": "Eye of GNOME: Untrusted search path", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2008-5987"], "modified": "2009-04-06T00:00:00", "id": "GLSA-200904-06", "href": "https://security.gentoo.org/glsa/200904-06", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-17T19:14:30", "description": "### Background\n\ngedit is a text editor for the GNOME desktop. \n\n### Description\n\nJames Vega reported that gedit uses the current working directory when searching for python modules, a vulnerability related to CVE-2008-5983. \n\n### Impact\n\nA local attacker could entice a user to open gedit from a specially crafted environment, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nDo not run gedit from untrusted working directories. \n\n### Resolution\n\nAll gedit 2.22.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-editors/gedit-2.22.3-r1\"\n\nAll gedit 2.24.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-editors/gedit-2.24.3\"", "cvss3": {}, "published": "2009-03-30T00:00:00", "type": "gentoo", "title": "gedit: Untrusted search path", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0314"], "modified": "2009-03-30T00:00:00", "id": "GLSA-200903-41", "href": "https://security.gentoo.org/glsa/200903-41", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:40:30", "description": "Untrusted search path vulnerability in the Python interface in Eye of GNOME\n(eog) 2.22.3, and possibly other versions, allows local users to execute\narbitrary code via a Trojan horse Python file in the current working\ndirectory, related to a vulnerability in the PySys_SetArgv function\n(CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T00:00:00", "type": "ubuntucve", "title": "CVE-2008-5987", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2008-5987"], "modified": "2009-01-28T00:00:00", "id": "UB:CVE-2008-5987", "href": "https://ubuntu.com/security/CVE-2008-5987", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:26:46", "description": "Untrusted search path vulnerability in the PySys_SetArgv API function in\nPython 2.6 and earlier, and possibly later versions, prepends an empty\nstring to sys.path when the argv[0] argument does not contain a path\nseparator, which might allow local users to execute arbitrary code via a\nTrojan horse Python file in the current working directory.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/322196>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937>\n * <http://bugs.python.org/issue5753>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572010>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | upstream added new C API function, PySys_SetArgvEx, which can be used to set sys.argv without also modifying sys.path. The default behavior for PySys_SetArgv does not change.\n", "cvss3": {}, "published": "2009-01-27T00:00:00", "type": "ubuntucve", "title": "CVE-2008-5983", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983"], "modified": "2009-01-27T00:00:00", "id": "UB:CVE-2008-5983", "href": "https://ubuntu.com/security/CVE-2008-5983", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:40:30", "description": "Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and\npossibly other versions, allows local users to execute arbitrary code via a\nTrojan horse Python file in the current working directory, related to a\nvulnerability in the PySys_SetArgv function (CVE-2008-5983).\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/322196>\n", "cvss3": {}, "published": "2009-01-28T00:00:00", "type": "ubuntucve", "title": "CVE-2008-5984", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2008-5984"], "modified": "2009-01-28T00:00:00", "id": "UB:CVE-2008-5984", "href": "https://ubuntu.com/security/CVE-2008-5984", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:40:30", "description": "Untrusted search path vulnerability in the (1) \"VST plugin with Python\nscripting\" and (2) \"VST plugin for writing score generators in Python\" in\nCsound 5.08.2, and possibly other versions, allows local users to execute\narbitrary code via a Trojan horse Python file in the current working\ndirectory, related to a vulnerability in the PySys_SetArgv function\n(CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T00:00:00", "type": "ubuntucve", "title": "CVE-2008-5986", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2008-5986"], "modified": "2009-01-28T00:00:00", "id": "UB:CVE-2008-5986", "href": "https://ubuntu.com/security/CVE-2008-5986", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:40:31", "description": "Untrusted search path vulnerability in the Python interface in Epiphany\n2.22.3, and possibly other versions, allows local users to execute\narbitrary code via a Trojan horse Python file in the current working\ndirectory, related to a vulnerability in the PySys_SetArgv function\n(CVE-2008-5983).\n\n#### Bugs\n\n * <https://bugs.launchpad.net/bugs/322196>\n", "cvss3": {}, "published": "2009-01-28T00:00:00", "type": "ubuntucve", "title": "CVE-2008-5985", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2008-5985"], "modified": "2009-01-28T00:00:00", "id": "UB:CVE-2008-5985", "href": "https://ubuntu.com/security/CVE-2008-5985", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:40:30", "description": "Untrusted search path vulnerability in src/if_python.c in the Python\ninterface in Vim before 7.2.045 allows local users to execute arbitrary\ncode via a Trojan horse Python file in the current working directory,\nrelated to a vulnerability in the PySys_SetArgv function (CVE-2008-5983),\nas demonstrated by an erroneous search path for plugin/bike.vim in\nbicyclerepair.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/vim/+bug/322196>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937>\n", "cvss3": {}, "published": "2009-01-28T00:00:00", "type": "ubuntucve", "title": "CVE-2009-0316", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0316"], "modified": "2009-01-28T00:00:00", "id": "UB:CVE-2009-0316", "href": "https://ubuntu.com/security/CVE-2009-0316", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:40:31", "description": "Untrusted search path vulnerability in the Python module in gedit allows\nlocal users to execute arbitrary code via a Trojan horse Python file in the\ncurrent working directory, related to a vulnerability in the PySys_SetArgv\nfunction (CVE-2008-5983).\n\n#### Bugs\n\n * <http://bugzilla.gnome.org/show_bug.cgi?id=569214>\n", "cvss3": {}, "published": "2009-01-28T00:00:00", "type": "ubuntucve", "title": "CVE-2009-0314", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0314"], "modified": "2009-01-28T00:00:00", "id": "UB:CVE-2009-0314", "href": "https://ubuntu.com/security/CVE-2009-0314", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:40:30", "description": "Untrusted search path vulnerability in the GObject Python interpreter\nwrapper in Gnumeric allows local users to execute arbitrary code via a\nTrojan horse Python file in the current working directory, related to a\nvulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T00:00:00", "type": "ubuntucve", "title": "CVE-2009-0318", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0318"], "modified": "2009-01-28T00:00:00", "id": "UB:CVE-2009-0318", "href": "https://ubuntu.com/security/CVE-2009-0318", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:40:31", "description": "Untrusted search path vulnerability in the Python module in xchat allows\nlocal users to execute arbitrary code via a Trojan horse Python file in the\ncurrent working directory, related to a vulnerability in the PySys_SetArgv\nfunction (CVE-2008-5983).\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/xchat/+bug/322196>\n", "cvss3": {}, "published": "2009-01-28T00:00:00", "type": "ubuntucve", "title": "CVE-2009-0315", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0315"], "modified": "2009-01-28T00:00:00", "id": "UB:CVE-2009-0315", "href": "https://ubuntu.com/security/CVE-2009-0315", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T14:40:30", "description": "Untrusted search path vulnerability in the Python language bindings for\nNautilus (nautilus-python) allows local users to execute arbitrary code via\na Trojan horse Python file in the current working directory, related to a\nvulnerability in the PySys_SetArgv function (CVE-2008-5983).\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/nautilus-python/+bug/322196>\n", "cvss3": {}, "published": "2009-01-28T00:00:00", "type": "ubuntucve", "title": "CVE-2009-0317", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0317"], "modified": "2009-01-28T00:00:00", "id": "UB:CVE-2009-0317", "href": "https://ubuntu.com/security/CVE-2009-0317", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200904-06\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Eye of GNOME: Untrusted search path\r\n Date: April 06, 2009\r\n Bugs: #257002\r\n ID: 200904-06\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nAn untrusted search path vulnerability in the Eye of GNOME might result\r\nin the execution of arbitrary code.\r\n\r\nBackground\r\n==========\r\n\r\nThe Eye of GNOME is the official image viewer for the GNOME Desktop\r\nenvironment.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 media-gfx/eog < 2.22.3-r3 >= 2.22.3-r3\r\n\r\nDescription\r\n===========\r\n\r\nJames Vega reported an untrusted search path vulnerability in the\r\nGObject Python interpreter wrapper in the Eye of GNOME, a vulnerabiliy\r\nrelated to CVE-2008-5983.\r\n\r\nImpact\r\n======\r\n\r\nA local attacker could entice a user to run the Eye of GNOME from a\r\ndirectory containing a specially crafted python module, resulting in\r\nthe execution of arbitrary code with the privileges of the user running\r\nthe application.\r\n\r\nWorkaround\r\n==========\r\n\r\nDo not run "eog" from untrusted working directories.\r\n\r\nResolution\r\n==========\r\n\r\nAll Eye of GNOME users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=media-gfx/eog-2.22.3-r3"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2008-5983\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983\r\n [ 2 ] CVE-2008-5987\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5987\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200904-06.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2009 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5\r\n", "edition": 1, "cvss3": {}, "published": "2009-04-07T00:00:00", "title": "[ GLSA 200904-06 ] Eye of GNOME: Untrusted search path", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-5987", "CVE-2008-5983"], "modified": "2009-04-07T00:00:00", "id": "SECURITYVULNS:DOC:21590", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21590", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:29", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:063\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : eog\r\n Date : March 2, 2009\r\n Affected: 2008.1, 2009.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Python has a variable called sys.path that contains all paths where\r\n Python loads modules by using import scripting procedure. A wrong\r\n handling of that variable enables local attackers to execute arbitrary\r\n code via Python scripting in the current eog working directory\r\n (CVE-2008-5987).\r\n \r\n This update provides fix for that vulnerability.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5987\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.1:\r\n 3a5307da4e704d80ffae6cc0417cf1e8 2008.1/i586/eog-2.22.0-2.1mdv2008.1.i586.rpm\r\n d7e8fe6d4313f5f8dd74bdb3bafdd4e6 2008.1/i586/eog-devel-2.22.0-2.1mdv2008.1.i586.rpm \r\n e93aee8a13e874aad2729d8f0a9dae86 2008.1/SRPMS/eog-2.22.0-2.1mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n d1e9d29e243845bb4def4538ed4b2024 2008.1/x86_64/eog-2.22.0-2.1mdv2008.1.x86_64.rpm\r\n 25a7459f468c84a16ee922776f0faa4f 2008.1/x86_64/eog-devel-2.22.0-2.1mdv2008.1.x86_64.rpm \r\n e93aee8a13e874aad2729d8f0a9dae86 2008.1/SRPMS/eog-2.22.0-2.1mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n f31223e6de4f8983881dfcf285dd9edd 2009.0/i586/eog-2.24.0-1.1mdv2009.0.i586.rpm\r\n 083c380961411066f65caf0fd386ba49 2009.0/i586/eog-devel-2.24.0-1.1mdv2009.0.i586.rpm \r\n fd4ecc84ee25b93328b6a3092f6a3a40 2009.0/SRPMS/eog-2.24.0-1.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n f4ba54784ea91f0f74af8bc5c87d338c 2009.0/x86_64/eog-2.24.0-1.1mdv2009.0.x86_64.rpm\r\n 7a2ae7d440ac69276360b627c09114a4 2009.0/x86_64/eog-devel-2.24.0-1.1mdv2009.0.x86_64.rpm \r\n fd4ecc84ee25b93328b6a3092f6a3a40 2009.0/SRPMS/eog-2.24.0-1.1mdv2009.0.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFJrEJVmqjQ0CJFipgRAqKTAJ923AHiUFAee/GCbeS/SCWOor8JGQCcCp+X\r\nhezcPNZZftljiR4q3xX3Aw8=\r\n=tzt3\r\n-----END PGP SIGNATURE-----", "edition": 1, "cvss3": {}, "published": "2009-03-04T00:00:00", "title": "[ MDVSA-2009:063 ] eog", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-5987"], "modified": "2009-03-04T00:00:00", "id": "SECURITYVULNS:DOC:21419", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21419", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:50:01", "description": "sys.path variable manipulation is possible to load arbitrary modules.", "edition": 2, "cvss3": {}, "published": "2009-04-07T00:00:00", "title": "blender / gedit / gnumeric / vim / eog python scripts code execution", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2009-0318", "CVE-2008-5987", "CVE-2009-0316", "CVE-2008-4863", "CVE-2008-5985", "CVE-2009-0314", "CVE-2008-5983"], "modified": "2009-04-07T00:00:00", "id": "SECURITYVULNS:VULN:9683", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9683", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debiancve": [{"lastseen": "2022-08-15T18:53:04", "description": "Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "debiancve", "title": "CVE-2008-5987", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2008-5987"], "modified": "2009-01-28T11:30:00", "id": "DEBIANCVE:CVE-2008-5987", "href": "https://security-tracker.debian.org/tracker/CVE-2008-5987", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-04T05:59:16", "description": "Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "debiancve", "title": "CVE-2009-0318", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0318"], "modified": "2009-01-28T11:30:00", "id": "DEBIANCVE:CVE-2009-0318", "href": "https://security-tracker.debian.org/tracker/CVE-2009-0318", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-03T05:59:33", "description": "Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "debiancve", "title": "CVE-2009-0314", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0314"], "modified": "2009-01-28T11:30:00", "id": "DEBIANCVE:CVE-2009-0314", "href": "https://security-tracker.debian.org/tracker/CVE-2009-0314", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-04T06:01:05", "description": "Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "debiancve", "title": "CVE-2009-0317", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0317"], "modified": "2009-01-28T11:30:00", "id": "DEBIANCVE:CVE-2009-0317", "href": "https://security-tracker.debian.org/tracker/CVE-2009-0317", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-06T05:59:38", "description": "Untrusted search path vulnerability in the (1) \"VST plugin with Python scripting\" and (2) \"VST plugin for writing score generators in Python\" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "debiancve", "title": "CVE-2008-5986", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2008-5986"], "modified": "2009-01-28T11:30:00", "id": "DEBIANCVE:CVE-2008-5986", "href": "https://security-tracker.debian.org/tracker/CVE-2008-5986", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-06T06:10:26", "description": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "debiancve", "title": "CVE-2009-0316", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0316"], "modified": "2009-01-28T11:30:00", "id": "DEBIANCVE:CVE-2009-0316", "href": "https://security-tracker.debian.org/tracker/CVE-2009-0316", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-04T06:03:05", "description": "Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "debiancve", "title": "CVE-2009-0315", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0315"], "modified": "2009-01-28T11:30:00", "id": "DEBIANCVE:CVE-2009-0315", "href": "https://security-tracker.debian.org/tracker/CVE-2009-0315", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-11T10:03:21", "description": "Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "debiancve", "title": "CVE-2008-5985", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2008-5985"], "modified": "2009-01-28T11:30:00", "id": "DEBIANCVE:CVE-2008-5985", "href": "https://security-tracker.debian.org/tracker/CVE-2008-5985", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-17T05:59:19", "description": "Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "debiancve", "title": "CVE-2008-5984", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2008-5984"], "modified": "2009-01-28T11:30:00", "id": "DEBIANCVE:CVE-2008-5984", "href": "https://security-tracker.debian.org/tracker/CVE-2008-5984", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "veracode": [{"lastseen": "2022-07-27T10:12:33", "description": "python is vulnerable to arbitrary code execution. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to the module search path (sys.path). A local attacker able to trick a victim into running such an application in an attacker-controlled directory could use this flaw to execute code with the victim's privileges. This update adds the PySys_SetArgvEx API. Developers can modify their applications to use this new API, which sets sys.argv without modifying sys.path.\n", "cvss3": {}, "published": "2020-04-10T00:53:08", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983"], "modified": "2022-07-05T21:36:34", "id": "VERACODE:24356", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-24356/summary", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-07-05T20:49:13", "description": "Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.", "cvss3": {}, "published": "2009-01-28T02:30:00", "type": "cve", "title": "CVE-2008-5983", "cwe": ["CWE-426"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983"], "modified": "2022-07-05T18:57:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:8.04", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/o:fedoraproject:fedora:13"], "id": "CVE-2008-5983", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5983", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*"]}, {"lastseen": "2022-03-23T13:49:39", "description": "Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "cve", "title": "CVE-2008-5984", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2008-5984"], "modified": "2017-08-08T01:33:00", "cpe": ["cpe:/a:dia:dia:0.96.1"], "id": "CVE-2008-5984", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5984", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:dia:dia:0.96.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:49:39", "description": "Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "cve", "title": "CVE-2008-5985", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2008-5985"], "modified": "2009-03-19T05:48:00", "cpe": ["cpe:/a:gnome:epiphany:2.22.3"], "id": "CVE-2008-5985", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5985", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:gnome:epiphany:2.22.3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:49:41", "description": "Untrusted search path vulnerability in the (1) \"VST plugin with Python scripting\" and (2) \"VST plugin for writing score generators in Python\" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "cve", "title": "CVE-2008-5986", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2008-5986"], "modified": "2017-08-08T01:33:00", "cpe": ["cpe:/a:csound:csound:5.08.2"], "id": "CVE-2008-5986", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5986", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:csound:csound:5.08.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T21:15:32", "description": "Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "cve", "title": "CVE-2009-0314", "cwe": ["CWE-426"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0314"], "modified": "2020-06-15T17:38:00", "cpe": ["cpe:/o:fedoraproject:fedora:9"], "id": "CVE-2009-0314", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0314", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T21:15:33", "description": "Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "cve", "title": "CVE-2009-0315", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0315"], "modified": "2009-03-06T06:49:00", "cpe": ["cpe:/a:xchat:xchat:*"], "id": "CVE-2009-0315", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0315", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:xchat:xchat:*:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T21:15:34", "description": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "cve", "title": "CVE-2009-0316", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0316"], "modified": "2017-08-08T01:33:00", "cpe": ["cpe:/a:vim:vim:5.8", "cpe:/a:vim:vim:6.3", "cpe:/a:vim:vim:4.0", "cpe:/a:vim:vim:6.2", "cpe:/a:vim:vim:5.3", "cpe:/a:vim:vim:5.5", "cpe:/a:vim:vim:6.4", "cpe:/a:vim:vim:5.2", "cpe:/a:vim:vim:7.1", "cpe:/a:vim:vim:5.0", "cpe:/a:vim:vim:7.0", "cpe:/a:vim:vim:5.6", "cpe:/a:vim:vim:1.22", "cpe:/a:vim:vim:5.4", "cpe:/a:vim:vim:6.0", "cpe:/a:vim:vim:5.7", "cpe:/a:vim:vim:1.0", "cpe:/a:vim:vim:5.1", "cpe:/a:vim:vim:7.2", "cpe:/a:vim:vim:3.0", "cpe:/a:vim:vim:6.1"], "id": "CVE-2009-0316", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0316", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:vim:vim:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:6.4:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:6.2:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:5.2:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:5.3:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:6.3:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:5.5:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:1.22:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:5.7:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:7.1:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:5.4:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:5.6:*:*:*:*:*:*:*", "cpe:2.3:a:vim:vim:5.8:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T21:15:33", "description": "Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "cve", "title": "CVE-2009-0317", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0317"], "modified": "2009-02-05T06:53:00", "cpe": ["cpe:/a:gnome:nautilus-python:*"], "id": "CVE-2009-0317", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0317", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:gnome:nautilus-python:*:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T21:15:34", "description": "Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).", "cvss3": {}, "published": "2009-01-28T11:30:00", "type": "cve", "title": "CVE-2009-0318", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0318"], "modified": "2009-04-16T05:37:00", "cpe": ["cpe:/a:gnome:gnumeric:*"], "id": "CVE-2009-0318", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0318", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:gnome:gnumeric:*:*:*:*:*:*:*:*"]}], "freebsd": [{"lastseen": "2022-01-19T16:03:50", "description": "\n\nCVE Mitre reports:\n\nUntrusted search path vulnerability in the Python interface in\n\t Epiphany 2.22.3, and possibly other versions, allows local users to\n\t execute arbitrary code via a Trojan horse Python file in the current\n\t working directory, related to a vulnerability in the PySys_SetArgv\n\t function (CVE-2008-5983).\n\n\n", "cvss3": {}, "published": "2009-01-26T00:00:00", "type": "freebsd", "title": "epiphany -- untrusted search path vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2008-5985"], "modified": "2009-01-26T00:00:00", "id": "E848A92F-0E7D-11DE-92DE-000BCDC1757A", "href": "https://vuxml.freebsd.org/freebsd/e848a92f-0e7d-11de-92de-000bcdc1757a.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T18:56:57", "description": "BUGTRAQ ID: 33444\r\nCVE(CAN) ID: CVE-2009-0315\r\n\r\nX-Chat\u662f\u4e00\u6b3e\u514d\u8d39\u5f00\u653e\u6e90\u4ee3\u7801\u7684IRC\u5ba2\u6237\u7aef\u3002\r\n\r\nxchat\u7684Python\u6a21\u5757\u4e2d\u4f7f\u7528\u4e86\u4e0d\u53ef\u4fe1\u4efb\u7684\u641c\u7d22\u8def\u5f84\uff0c\u672c\u5730\u7528\u6237\u53ef\u4ee5\u5728\u5f53\u524d\u5de5\u4f5c\u76ee\u5f55\u4e2d\u653e\u7f6e\u6076\u610f\u7684Python\u6587\u4ef6\u5e76\u5229\u7528PySys_SetArgv\u51fd\u6570\u8c03\u7528\u4e2d\u7684\u5b89\u5168\u6f0f\u6d1e\uff08CVE-2008-5983\uff09\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nX-Chat X-Chat 2.8.7b\r\nX-Chat X-Chat 2.8.6\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nX-Chat\r\n------\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\n<a href=http://www.xchat.org/ target=_blank rel=external nofollow>http://www.xchat.org/</a>", "cvss3": {}, "published": "2009-03-05T00:00:00", "title": "XChat PySys_SetArgv\u51fd\u6570\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2008-5983", "CVE-2009-0315"], "modified": "2009-03-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4870", "id": "SSV:4870", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "description": "Gnumeric is a spreadsheet program for the GNOME GUI desktop environment. ", "cvss3": {}, "published": "2009-02-05T02:15:12", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: gnumeric-1.8.2-6.fc10", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-0318"], "modified": "2009-02-05T02:15:12", "id": "FEDORA:4380D208D5D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AFRTAC6MWZQ2U3ZX6Y5HWDCSEKHQKGG3/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. ", "cvss3": {}, "published": "2010-06-14T17:09:57", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: python-2.6.4-27.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2010-1634", "CVE-2010-2089"], "modified": "2010-06-14T17:09:57", "id": "FEDORA:478CD1119BD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QV62SJ2MJC4YC7ENFVOQ2SQFG2CH5RDH/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. ", "cvss3": {}, "published": "2010-07-05T22:05:10", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: python-2.6.2-8.fc12", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2010-1634", "CVE-2010-2089"], "modified": "2010-07-05T22:05:10", "id": "FEDORA:1015F1115E5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QU5VHO66XVMXTONSOCSWHLHT2INJFCZD/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "description": "Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especi ally how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. ", "cvss3": {}, "published": "2010-09-04T04:58:36", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: python3-3.1.2-7.fc13", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2010-1634", "CVE-2010-2089"], "modified": "2010-09-04T04:58:36", "id": "FEDORA:9C835110BAB", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RWLVRYWEVV3THR2ISANLDBBOXTW5IEJL/", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:42:33", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nIt was found that many applications embedding the Python interpreter did\nnot specify a valid full path to the script or application when calling the\nPySys_SetArgv API function, which could result in the addition of the\ncurrent working directory to the module search path (sys.path). A local\nattacker able to trick a victim into running such an application in an\nattacker-controlled directory could use this flaw to execute code with the\nvictim's privileges. This update adds the PySys_SetArgvEx API. Developers\ncan modify their applications to use this new API, which sets sys.argv\nwithout modifying sys.path. (CVE-2008-5983)\n\nMultiple flaws were found in the Python rgbimg module. If an application\nwritten in Python was using the rgbimg module and loaded a\nspecially-crafted SGI image file, it could cause the application to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)\n\nMultiple flaws were found in the Python audioop module. Supplying certain\ninputs could cause the audioop module to crash or, possibly, execute\narbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nThis update also fixes the following bugs:\n\n* When starting a child process from the subprocess module in Python 2.4,\nthe parent process could leak file descriptors if an error occurred. This\nupdate resolves the issue. (BZ#609017)\n\n* Prior to Python 2.7, programs that used \"ulimit -n\" to enable\ncommunication with large numbers of subprocesses could still monitor only\n1024 file descriptors at a time, which caused an exception:\n\n ValueError: filedescriptor out of range in select()\n\nThis was due to the subprocess module using the \"select\" system call. The\nmodule now uses the \"poll\" system call, removing this limitation.\n(BZ#609020)\n\n* Prior to Python 2.5, the tarfile module failed to unpack tar files if the\npath was longer than 100 characters. This update backports the tarfile\nmodule from Python 2.5 and the issue no longer occurs. (BZ#263401)\n\n* The email module incorrectly implemented the logic for obtaining\nattachment file names: the get_filename() fallback for using the deprecated\n\"name\" parameter of the \"Content-Type\" header erroneously used the\n\"Content-Disposition\" header. This update backports a fix from Python 2.6,\nwhich resolves this issue. (BZ#644147)\n\n* Prior to version 2.5, Python's optimized memory allocator never released\nmemory back to the system. The memory usage of a long-running Python\nprocess would resemble a \"high-water mark\". This update backports a fix\nfrom Python 2.5a1, which frees unused arenas, and adds a non-standard\nsys._debugmallocstats() function, which prints diagnostic information to\nstderr. Finally, when running under Valgrind, the optimized allocator is\ndeactivated, to allow more convenient debugging of Python memory usage\nissues. (BZ#569093)\n\n* The urllib and urllib2 modules ignored the no_proxy variable, which could\nlead to programs such as \"yum\" erroneously accessing a proxy server for\nURLs covered by a \"no_proxy\" exclusion. This update backports fixes of\nurllib and urllib2, which respect the \"no_proxy\" variable, which fixes\nthese issues. (BZ#549372)\n\nAs well, this update adds the following enhancements:\n\n* This update introduces a new python-libs package, subsuming the majority\nof the content of the core python package. This makes both 32-bit and\n64-bit Python libraries available on PowerPC systems. (BZ#625372)\n\n* The python-libs.i386 package is now available for 64-bit Itanium with the\n32-bit Itanium compatibility mode. (BZ#644761)\n\nAll Python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n", "cvss3": {}, "published": "2011-01-13T00:00:00", "type": "redhat", "title": "(RHSA-2011:0027) Low: python security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5983", "CVE-2009-4134", "CVE-2010-1449", "CVE-2010-1450", "CVE-2010-1634", "CVE-2010-2089"], "modified": "2017-09-08T07:55:06", "id": "RHSA-2011:0027", "href": "https://access.redhat.com/errata/RHSA-2011:0027", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:35", "description": "python:\n[2.6.6-20]\nResolves: CVE-2010-3493\n[2.6.6-19]\nResolves: CVE-2011-1015\n[2.6.6-18]\nResolves: CVE-2011-1521\n[2.6.6-17]\n- recompile against systemtap 1.4\nRelated: rhbz#569695\n[2.6.6-16]\n- recompile against systemtap 1.4\nRelated: rhbz#569695\n[2.6.6-15]\n- fix race condition that sometimes breaks the build with parallel make\nResolves: rhbz#690315\n[2.6.6-14]\n- backport pre-canned ways of salting a password to the 'crypt' module\nResolves: rhbz#681878\n[2.6.6-13]\n- move lib2to3/tests to the python-test subpackage\nRelated: rhbz#625395\n[2.6.6-12]\n- fix a new test in 2.6.6 that was failing on 64-bit big-endian architectures\nResolves: rhbz#677392\n[2.6.6-11]\n- fix incompatibility between 2.6.6 and our non-standard M2Crypto.SSL.SSLTimeoutError\nResolves: rhbz#681811\n[2.6.6-10]\n- add workaround for bug in rhythmbox-0.12 exposed by python 2.6.6\nResolves: rhbz#684991\n[2.6.6-9]\n- prevent tracebacks for the 'py-bt' gdb command on x86_64\nResolves: rhbz#639392\n[2.6.6-8]\n- fix a regression in 2.6.6 relative to 2.6.5 in urllib2\nResolves: rhbz#669847\n[2.6.6-7]\n- add an optional 'timeout' argument to the subprocess module (patch 131)\nResolves: rhbz#567229\n[2.6.6-6]\n- prevent _sqlite3.so being built with a redundant RPATH of _libdir (patch 130)\n- remove DOS batch file 'idle.bat'\n- remove shebang lines from .py files that aren't executable, and remove\nexecutability from .py files that don't have a shebang line\nRelated: rhbz#634944\n- add 'Obsoletes: python-ssl' to core package, as 2.6 contains the ssl module\nResolves: rhbz#529274\n[2.6.6-5]\n- allow the 'no_proxy' environment variable to override 'ftp_proxy' in\nurllib2 (patch 128)\nResolves: rhbz#637895\n- make garbage-collection assertion failures more informative (patch 129)\nResolves: rhbz#614680\n[2.6.6-4]\n- backport subprocess fixes to use the 'poll' system call, rather than 'select'\nResolves: rhbz#650588\n[2.6.6-3]\n- use an ephemeral port for IDLE, enabling multiple instances to be run\nResolves: rhbz#639222\n- add systemtap static markers, tapsets, and example scripts\nResolves: rhbz#569695\n[2.6.6-2]\n- fix dbm.release on ppc64/s390x\nResolves: rhbz#626756\n- fix missing lib2to3 test files\nResolves: rhbz#625395\n- fix test.test_commands SELinux incompatibility\nResolves: rhbz#625393\n- make 'pydoc -k' more robust in the face of broken modules\nResolves: rhbz#603073\n[2.6.6-1]\n- rebase to 2.6.6: (which contains the big whitespace cleanup of r81031)\n http://www.python.org/download/releases/2.6.6/\n - fixup patch 102, patch 11, patch 52, patch 110\n - drop upstreamed patches: patch 113 (CVE-2010-1634), patch 114\n (CVE-2010-2089), patch 115 (CVE-2008-5983), patch 116 (rhbz598564),\n patch 118 (rhbz540518)\n - add fix for upstream bug in test_posix.py introduced in 2.6.6 (patch 120)\nResolves: rhbz#627301\npython-docs:\n[2.6.6-2]\n- rebuild\n[2.6.6-1]\n- rebase to 2.6.6 to track the main python package\nRelated: rhbz#627301", "cvss3": {}, "published": "2011-05-28T00:00:00", "type": "oraclelinux", "title": "python security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2010-2089", "CVE-2011-1015", "CVE-2008-5983", "CVE-2010-1634"], "modified": "2011-05-28T00:00:00", "id": "ELSA-2011-0554", "href": "http://linux.oracle.com/errata/ELSA-2011-0554.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:17", "description": "[2.4.3-43]\n- add missing patch 206\nRelated: rhbz#549372\n[2.4.3-42]\n- fix test_pyclbr to match the urllib change in patch 204 (patch 206)\n- allow the 'no_proxy' environment variable to override 'ftp_proxy' in\nurllib2 (patch 207)\n- fix typos in names of patches 204 and 205\nRelated: rhbz#549372\n[2.4.3-41]\n- backport support for the 'no_proxy' environment variable to the urllib and\nurllib2 modules (patches 204 and 205, respectively)\nResolves: rhbz#549372\n[2.4.3-40]\n- backport fixes for arena allocator from 2.5a1\n- disable arena allocator when run under valgrind on x86, x86_64, ppc, ppc64\n(patch 203)\n- add patch to add sys._debugmallocstats() hook (patch 202)\nResolves: rhbz#569093\n[2.4.3-39]\n- fix various flaws in the 'audioop' module\n- Resolves: CVE-2010-1634 CVE-2010-2089\n- backport the new PySys_SetArgvEx libpython entrypoint from 2.6\n- Related: CVE-2008-5983\n- restrict creation of the .relocation-tag files to i386 builds\n- Related: rhbz#644761\n- move the python-optik metadata from the core subpackage to the python-libs\nsubpackage\n- Related: rhbz#625372\n[2.4.3-38]\n- add metadata to ensure that 'yum install python-libs' works\n- Related: rhbz#625372\n[2.4.3-37]\n- create dummy ELF file '.relocation-tag' to force RPM directory coloring,\nfixing i386 on ia64 compat\n- Resolves: rhbz#644761\n[2.4.3-36]\n- Backport fix for http://bugs.python.org/issue7082 to 2.4.3\n- Resolves: rhbz#644147\n[2.4.3-35]\n- Rework rgbimgmodule fix for CVE-2008-3143\n- Resolves: rhbz#644425 CVE-2009-4134 CVE-2010-1449 CVE-2010-1450\n[2.4.3-34]\n- fix stray 'touch' command\n- Related: rhbz#625372\n[2.4.3-33]\n- Preserve timestamps when fixing shebangs (patch 104) and when installing, to\nminimize .pyc/.pyo differences across architectures (due to the embedded mtime\nin .pyc/.pyo headers)\n- Related: rhbz#625372\n[2.4.3-32]\n- introduce libs subpackage as a dependency of the core package, moving the\nshared libraries and python standard libraries there\n- Resolves: rhbz#625372\n[2.4.3-31]\n- dont use -b when applying patch 103\n- Related: rhbz#263401\n[2.4.3-30]\n- add missing patch\n- Resolves: rhbz#263401\n[2.4.3-29]\n- Backport Python 2.5s tarfile module (0.8.0) to 2.4.3\n- Resolves: rhbz#263401\n[2.4.3-28]\n- Backport fix for leaking filedescriptors in subprocess error-handling path\nfrom Python 2.6\n- Resolves: rhbz#609017\n- Backport usage of 'poll' within the subprocess module to 2.4.3\n- Resolves: rhbz#609020", "cvss3": {}, "published": "2011-01-20T00:00:00", "type": "oraclelinux", "title": "python security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2010-1449", "CVE-2008-3143", "CVE-2010-1450", "CVE-2010-2089", "CVE-2008-5983", "CVE-2010-1634", "CVE-2009-4134"], "modified": "2011-01-20T00:00:00", "id": "ELSA-2011-0027", "href": "http://linux.oracle.com/errata/ELSA-2011-0027.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T13:02:09", "description": "It was discovered that Python would prepend an empty string to sys.path \nunder certain circumstances. A local attacker with write access to the \ncurrent working directory could exploit this to execute arbitrary code. \nThis issue only affected Ubuntu 10.04 LTS. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input \nvalidation. If a user or automatated system were tricked into opening a \ncrafted audio file, an attacker could cause a denial of service via \napplication crash. These issues only affected Ubuntu 10.04 LTS. \n(CVE-2010-1634, CVE-2010-2089)\n\nIt was discovered that Python distutils contained a race condition when \ncreating the ~/.pypirc file. A local attacker could exploit this to obtain \nsensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its \ninput when handling HTTP POST requests. A remote attacker could exploit \nthis to cause a denial of service via excessive CPU utilization. \n(CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm attacks. \nAn attacker could cause a denial of service under certian circumstances. \nThis update adds the '-R' command line option and honors setting the \nPYTHONHASHSEED environment variable to 'random' to salt str and datetime \nobjects with an unpredictable value. (CVE-2012-1150)\n\nSerhiy Storchaka discovered that the UTF16 decoder in Python did not \nproperly reset internal variables after error handling. An attacker could \nexploit this to cause a denial of service via memory corruption. \n(CVE-2012-2135)\n", "cvss3": {}, "published": "2012-10-24T00:00:00", "type": "ubuntu", "title": "Python 3.1 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2089", "CVE-2012-0845", "CVE-2008-5983", "CVE-2011-4944", "CVE-2012-2135", "CVE-2012-1150", "CVE-2010-1634"], "modified": "2012-10-24T00:00:00", "id": "USN-1616-1", "href": "https://ubuntu.com/security/notices/USN-1616-1", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:02:32", "description": "It was discovered that Python would prepend an empty string to sys.path \nunder certain circumstances. A local attacker with write access to the \ncurrent working directory could exploit this to execute arbitrary code. \n(CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input \nvalidation. If a user or automatated system were tricked into opening a \ncrafted audio file, an attacker could cause a denial of service via \napplication crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. \nA remote attacker could exploit this to cause a denial of service via \ndaemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform \ninput validation on certain HTTP GET requests. A remote attacker could \npotentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process \nLocation headers that specify a redirection to file: URLs. A remote \nattacker could exploit this to obtain sensitive information or cause a \ndenial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in \nthe Content-Type HTTP header. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks against Internet Explorer 7 \nusers. This issue only affected Ubuntu 11.04. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when \ncreating the ~/.pypirc file. A local attacker could exploit this to obtain \nsensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its \ninput when handling HTTP POST requests. A remote attacker could exploit \nthis to cause a denial of service via excessive CPU utilization. \n(CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm attacks. \nAn attacker could cause a denial of service under certian circumstances. \nThis update adds the '-R' command line option and honors setting the \nPYTHONHASHSEED environment variable to 'random' to salt str and datetime \nobjects with an unpredictable value. (CVE-2012-1150)\n", "cvss3": {}, "published": "2012-10-04T00:00:00", "type": "ubuntu", "title": "Python 2.6 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2089", "CVE-2011-1015", "CVE-2008-5983", "CVE-2011-4944", "CVE-2012-0845", "CVE-2011-1521", "CVE-2012-1150", "CVE-2011-4940", "CVE-2010-1634", "CVE-2010-3493"], "modified": "2012-10-04T00:00:00", "id": "USN-1596-1", "href": "https://ubuntu.com/security/notices/USN-1596-1", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:02:25", "description": "It was discovered that Python would prepend an empty string to sys.path \nunder certain circumstances. A local attacker with write access to the \ncurrent working directory could exploit this to execute arbitrary code. \n(CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input \nvalidation. If a user or automatated system were tricked into opening a \ncrafted audio file, an attacker could cause a denial of service via \napplication crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. \nA remote attacker could exploit this to cause a denial of service via \ndaemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform \ninput validation on certain HTTP GET requests. A remote attacker could \npotentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process \nLocation headers that specify a redirection to file: URLs. A remote \nattacker could exploit this to obtain sensitive information or cause a \ndenial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in \nthe Content-Type HTTP header. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks against Internet Explorer 7 \nusers. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when \ncreating the ~/.pypirc file. A local attacker could exploit this to obtain \nsensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its \ninput when handling HTTP POST requests. A remote attacker could exploit \nthis to cause a denial of service via excessive CPU utilization. \n(CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values \nwithout restricting the ability to trigger hash collisions predictably. If \na user or application using pyexpat were tricked into opening a crafted XML \nfile, an attacker could cause a denial of service by consuming excessive \nCPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly \nhandle memory reallocation when processing XML files. If a user or \napplication using pyexpat were tricked into opening a crafted XML file, an \nattacker could cause a denial of service by consuming excessive memory \nresources. (CVE-2012-1148)\n", "cvss3": {}, "published": "2012-10-17T00:00:00", "type": "ubuntu", "title": "Python 2.5 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2089", "CVE-2012-1148", "CVE-2011-1015", "CVE-2008-5983", "CVE-2011-4944", "CVE-2012-0845", "CVE-2011-1521", "CVE-2012-0876", "CVE-2011-4940", "CVE-2010-1634", "CVE-2010-3493"], "modified": "2012-10-17T00:00:00", "id": "USN-1613-1", "href": "https://ubuntu.com/security/notices/USN-1613-1", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T13:02:15", "description": "USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the \ncorresponding updates for Python 2.4.\n\nOriginal advisory details:\n\nIt was discovered that Python would prepend an empty string to sys.path \nunder certain circumstances. A local attacker with write access to the \ncurrent working directory could exploit this to execute arbitrary code. \n(CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input \nvalidation. If a user or automatated system were tricked into opening a \ncrafted audio file, an attacker could cause a denial of service via \napplication crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. \nA remote attacker could exploit this to cause a denial of service via \ndaemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform \ninput validation on certain HTTP GET requests. A remote attacker could \npotentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process \nLocation headers that specify a redirection to file: URLs. A remote \nattacker could exploit this to obtain sensitive information or cause a \ndenial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in \nthe Content-Type HTTP header. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks against Internet Explorer 7 \nusers. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when \ncreating the ~/.pypirc file. A local attacker could exploit this to obtain \nsensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its \ninput when handling HTTP POST requests. A remote attacker could exploit \nthis to cause a denial of service via excessive CPU utilization. \n(CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values \nwithout restricting the ability to trigger hash collisions predictably. If \na user or application using pyexpat were tricked into opening a crafted XML \nfile, an attacker could cause a denial of service by consuming excessive \nCPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly \nhandle memory reallocation when processing XML files. If a user or \napplication using pyexpat were tricked into opening a crafted XML file, an \nattacker could cause a denial of service by consuming excessive memory \nresources. (CVE-2012-1148)\n", "cvss3": {}, "published": "2012-10-17T00:00:00", "type": "ubuntu", "title": "Python 2.4 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2089", "CVE-2012-1148", "CVE-2011-1015", "CVE-2008-5983", "CVE-2011-4944", "CVE-2012-0845", "CVE-2011-1521", "CVE-2012-0876", "CVE-2011-4940", "CVE-2010-1634", "CVE-2010-3493"], "modified": "2012-10-17T00:00:00", "id": "USN-1613-2", "href": "https://ubuntu.com/security/notices/USN-1613-2", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}