Amazon Linux 2023 python3 vulnerability (ALAS2023-2023-104
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | Amazon Linux 2022 : python3, python3-devel, python3-idle (ALAS2022-2023-273) | 25 Jan 202300:00 | – | nessus |
![]() | Photon OS 4.0: Python3 PHSA-2022-4.0-0283 | 23 Jul 202400:00 | – | nessus |
![]() | EulerOS 2.0 SP11 : python3 (EulerOS-SA-2023-1429) | 7 Mar 202300:00 | – | nessus |
![]() | EulerOS 2.0 SP11 : python3 (EulerOS-SA-2023-1414) | 7 Mar 202300:00 | – | nessus |
![]() | CentOS 9 : python3.9-3.9.16-1.el9 | 29 Feb 202400:00 | – | nessus |
![]() | SUSE SLED15 / SLES15 Security Update : python310 (SUSE-SU-2022:4004-1) | 16 Nov 202200:00 | – | nessus |
![]() | SUSE SLED15 / SLES15 Security Update : python39 (SUSE-SU-2022:4071-1) | 19 Nov 202200:00 | – | nessus |
![]() | Amazon Linux 2022 : python3.10, python3.10-devel, python3.10-idle (ALAS2022-2023-274) | 25 Jan 202300:00 | – | nessus |
![]() | Fedora 36 : pypy3.9 (2023-097dd40685) | 13 Jan 202300:00 | – | nessus |
![]() | EulerOS Virtualization 2.11.0 : python3 (EulerOS-SA-2023-2103) | 7 Jun 202300:00 | – | nessus |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-104.
##
include('compat.inc');
if (description)
{
script_id(173191);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/12/11");
script_cve_id("CVE-2022-42919", "CVE-2022-45061");
script_xref(name:"IAVA", value:"2022-A-0467-S");
script_xref(name:"IAVA", value:"2023-A-0061-S");
script_name(english:"Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2023-104)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-104 advisory.
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-
default configuration. The Python multiprocessing library, when used with the forkserver start method on
Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which
in many system configurations means any user on the same machine. Pickles can execute arbitrary code.
Thus, this allows for local user privilege escalation to the user that any forkserver process is running
as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start
method for multiprocessing is not the default start method. This issue is Linux specific because only
Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract
namespace sockets by default. Support for users manually specifying an abstract namespace socket was added
as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do
that in CPython before 3.9. (CVE-2022-42919)
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path
when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name
being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by
remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger
excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname.
For example, the attack payload could be placed in the Location header of an HTTP response with status
code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. (CVE-2022-45061)
Tenable has extracted the preceding description block directly from the tested product security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2023-104.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-42919.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-45061.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"solution", value:
"Run 'dnf update python3.9 --releasever=2023.0.20230222 ' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-42919");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/07");
script_set_attribute(attribute:"patch_publication_date", value:"2023/02/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/21");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-unversioned-command");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-idle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3-tkinter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3.9-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python3.9-debugsource");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'python-unversioned-command-3.9.16-1.amzn2023.0.2', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-3.9.16-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-3.9.16-1.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-3.9.16-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-debug-3.9.16-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-debug-3.9.16-1.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-debug-3.9.16-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-devel-3.9.16-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-devel-3.9.16-1.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-devel-3.9.16-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-idle-3.9.16-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-idle-3.9.16-1.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-idle-3.9.16-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-libs-3.9.16-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-libs-3.9.16-1.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-libs-3.9.16-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-test-3.9.16-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-test-3.9.16-1.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-test-3.9.16-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-tkinter-3.9.16-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-tkinter-3.9.16-1.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-tkinter-3.9.16-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3.9-debuginfo-3.9.16-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3.9-debuginfo-3.9.16-1.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3.9-debuginfo-3.9.16-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3.9-debugsource-3.9.16-1.amzn2023.0.2', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3.9-debugsource-3.9.16-1.amzn2023.0.2', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3.9-debugsource-3.9.16-1.amzn2023.0.2', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-unversioned-command / python3 / python3-debug / etc");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo