Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM05B0DC8D7A3C31970B0CA0F0C0ED5B3A16233221026D8D9A370AF5E7C32B48F0
HistoryJul 19, 2020 - 12:49 a.m.

Security Bulletin: Python vulnerabilities affect IBM SmartCloud Entry (CVE-2013-1752 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185)

2020-07-1900:49:12
www.ibm.com
15

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

IBM SmartCloud Entry is vulnerable to several Python vulnerabilities. Remote Attackers can exploit them to execute arbitrary code or obtain sensetive information.

Vulnerability Details

CVEID: CVE-2013-1752**
DESCRIPTION:** Python SSL module is vulnerable to denial of service, caused by an unlimited readline() function call. A remote attacker could exploit this vulnerability to exhaust all available memory resources.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90056 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-1912**
DESCRIPTION:** Python is vulnerable to a buffer overflow, caused by improper bounds checking by sock_recvfrom_into() function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90931 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2014-4650**
DESCRIPTION:** Python CGIHTTPServer module could allow a remote attacker to obtain sensitive information, caused by the failure to properly handle URL-encoded path separators in URLs. An attacker could exploit this vulnerability to obtain the source code of CGI scripts.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93932 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-7185**
DESCRIPTION:** Python could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in bufferobject.c. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/96193 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 17
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 17

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM SmartCloud Entry| 3.1| None| IBM SmartCloud Entry 3.1.0 Appliance fix pack 18:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=+3.1.0.4-IBM-SCE_APPL-FP18+&includeSupersedes=0
IBM SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2.0 Appliance fix pack 18:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=3.2.0.4-IBM-SCE_APPL-FP18&includeSupersedes=0

Workarounds and Mitigations

None known

Related

openvas 40
nessus 67
oraclelinux 3
redhat 3
centos 2
amazon 6
veracode 6
ibm 3
f5 3
mageia 4
fedora 18
ubuntu 2
gentoo 1
archlinux 2
securityvulns 6
zdt 1
seebug 3
exploitpack 2
packetstorm 1
prion 4
cve 4
debiancve 3
ubuntucve 3
freebsd 1
osv 5
exploitdb 2
debian 2
slackware 1
vmware 1
openvas
openvas
RedHat Update for python RHSA-2015:1330-01
2015-07-23 00:00:00
Oracle Linux Local Check: ELSA-2015-1330
2015-10-06 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-621)
2015-12-15 00:00:00
nessus
nessus
Scientific Linux Security Update : python on SL6.x i386/x86_64 (20150722)
2015-08-04 00:00:00
Oracle Linux 6 : python (ELSA-2015-1330)
2015-07-30 00:00:00
CentOS 6 : python (CESA-2015:1330)
2015-07-28 00:00:00
oraclelinux
oraclelinux
python security, bug fix, and enhancement update
2015-07-28 00:00:00
python27 security, bug fix, and enhancement update
2016-02-04 00:00:00
python security, bug fix, and enhancement update
2015-11-23 00:00:00
redhat
redhat
(RHSA-2015:1330) Moderate: python security, bug fix, and enhancement update
2015-07-22 00:00:00
(RHSA-2015:1064) Moderate: python27 security, bug fix, and enhancement update
2015-06-04 00:00:00
(RHSA-2015:2101) Moderate: python security, bug fix, and enhancement update
2015-11-19 13:41:01
centos
centos
python, tkinter security update
2015-07-26 14:11:19
python, tkinter security update
2015-11-30 19:48:49
amazon
amazon
Medium: python26
2015-12-14 10:00:00
Medium: python27
2014-11-05 12:15:00
Medium: python27
2014-02-26 14:28:00
veracode
veracode
Improper Input Validation
2019-05-02 05:39:24
Sensitive Information Leakage
2019-05-02 05:39:25
Improper Input Validation
2019-05-02 05:39:24
ibm
ibm
Security Bulletin: Vulnerabilities in Python, rpcbind, SQLite affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
2018-06-17 22:33:00
Security Bulletin: Multiple vulnerabilities in Python affect PowerKVM
2018-06-18 01:30:44
Security Bulletin: Docker and Python as used in IBM QRadar SIEM is vulnerable to various CVEs.
2018-06-16 22:01:04
f5
f5
K93278412 : Python and Jython vulnerabilities CVE-2014-1912 and CVE-2014-4650
2017-07-21 00:00:00
K78825687 : Python and Jython vulnerability CVE-2014-7185
2017-07-21 00:00:00
K53192206 : Python and Jython vulnerability CVE-2013-1752
2017-07-21 00:00:00
mageia
mageia
Updated python & python3 packages fix multiple vulnerabilities
2014-02-20 01:24:08
Updated python packages fix CVE-2014-7185
2014-10-07 13:22:51
Updated python & python3 packages fix two vulnerabilities
2014-07-09 02:35:18
fedora
fedora
[SECURITY] Fedora 20 Update: python-2.7.5-16.fc20
2015-04-22 22:41:55
[SECURITY] Fedora 20 Update: python-2.7.5-10.fc20
2014-02-14 07:51:33
[SECURITY] Fedora 20 Update: python-2.7.5-15.fc20
2014-11-09 15:47:21
ubuntu
ubuntu
Python vulnerabilities
2015-06-25 00:00:00
Python vulnerability
2014-03-03 00:00:00
gentoo
gentoo
Python: Multiple vulnerabilities
2015-03-18 00:00:00
archlinux
archlinux
python2: Information leakage through integer overflow
2014-09-26 00:00:00
python2: multiple issues
2014-12-15 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:197 ] python
2014-10-27 00:00:00
[ MDVSA-2014:041 ] python
2014-03-03 00:00:00
[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution
2014-10-15 00:00:00
zdt
zdt
Python socket.recvfrom_into() remote buffer overflow exploit
2014-02-23 00:00:00
seebug
seebug
Python "sock_recvfrom_into()" 缓冲区溢出漏洞
2014-02-25 00:00:00
Python socket.recvfrom_into() - Remote Buffer Overflow
2014-07-01 00:00:00
Python多个安全漏洞
2013-12-30 00:00:00
exploitpack
exploitpack
Python - socket.recvfrom_into() Remote Buffer Overflow
2014-02-24 00:00:00
Python CGIHTTPServer - Encoded Directory Traversal
2014-06-27 00:00:00
packetstorm
packetstorm
Python CGIHTTPServer File Disclosure / Code Execution
2014-06-27 00:00:00
prion
prion
Directory traversal
2020-02-20 17:15:00
Buffer overflow
2014-03-01 00:55:00
Integer overflow
2014-10-08 17:55:00
cve
cve
CVE-2014-1912
2014-03-01 00:55:00
CVE-2014-4650
2020-02-20 17:15:00
CVE-2014-7185
2014-10-08 17:55:00
debiancve
debiancve
CVE-2014-1912
2014-03-01 00:55:00
CVE-2014-4650
2020-02-20 17:15:00
CVE-2014-7185
2014-10-08 17:55:00
ubuntucve
ubuntucve
CVE-2014-7185
2014-10-08 00:00:00
CVE-2014-1912
2014-02-21 00:00:00
CVE-2014-4650
2014-06-25 00:00:00
freebsd
freebsd
Python -- buffer overflow in socket.recvfrom_into()
2014-01-14 00:00:00
osv
osv
smtplib unlimited read
2019-06-03 19:04:24
python2.7 - security update
2014-03-17 00:00:00
python2.6 - regression update
2014-07-31 00:00:00
exploitdb
exploitdb
Python - 'socket.recvfrom_into()' Remote Buffer Overflow
2014-02-24 00:00:00
Python CGIHTTPServer - Encoded Directory Traversal
2014-06-27 00:00:00
debian
debian
[SECURITY] [DSA 2880-1] python2.7 security update
2014-03-17 18:07:37
[DLA 25-1] python2.6 security update
2014-07-31 21:07:32
slackware
slackware
[slackware-security] python
2019-03-03 22:46:15
vmware
vmware
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for 05B0DC8D7A3C31970B0CA0F0C0ED5B3A16233221026D8D9A370AF5E7C32B48F0
openvas40nessus67oraclelinux3redhat3centos2amazon6veracode6ibm3f53mageia4fedora18ubuntu2gentoo1archlinux2securityvulns6zdt1seebug3exploitpack2packetstorm1prion4cve4debiancve3ubuntucve3freebsd1osv5exploitdb2debian2slackware1vmware1