Lucene search

Amazon Linux AMI : python26 (ALAS-2012-80)

Amazon Linux AMI python26 denial of service vulnerabilit

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 134
seebug.org	Python SimpleXMLRPCServer远程拒绝服务漏洞	16 Feb 201200:00	–	seebug
UbuntuCve	CVE-2012-0845	14 Feb 201200:00	–	ubuntucve
NVD	CVE-2012-0845	5 Oct 201221:55	–	nvd
Amazon	Medium: python27	21 May 201200:00	–	amazon
Amazon	Medium: python26	21 May 201200:00	–	amazon
Amazon	Low: python26	5 Jul 201200:00	–	amazon
OpenVAS	Amazon Linux: Security Advisory (ALAS-2012-80)	8 Sep 201500:00	–	openvas
OpenVAS	FreeBSD Ports: python32	12 Mar 201200:00	–	openvas
OpenVAS	FreeBSD Ports: python32	12 Mar 201200:00	–	openvas
OpenVAS	Amazon Linux: Security Advisory (ALAS-2012-81)	8 Sep 201500:00	–	openvas

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
alas	www.alas.aws.amazon.com/ALAS-2012-80.html

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2012-80.
#

include("compat.inc");

if (description)
{
  script_id(69687);
  script_version("1.5");
  script_cvs_date("Date: 2018/04/18 15:09:34");

  script_cve_id("CVE-2012-0845");
  script_xref(name:"ALAS", value:"2012-80");

  script_name(english:"Amazon Linux AMI : python26 (ALAS-2012-80)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8,
2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows
remote attackers to cause a denial of service (infinite loop and CPU
consumption) via an XML-RPC POST request that contains a smaller
amount of data than specified by the Content-Length header."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2012-80.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update python26' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/05/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"python26-2.6.8-1.45.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python26-debuginfo-2.6.8-1.45.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python26-devel-2.6.8-1.45.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python26-libs-2.6.8-1.45.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python26-test-2.6.8-1.45.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python26-tools-2.6.8-1.45.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python26 / python26-debuginfo / python26-devel / python26-libs / etc");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

04 Sep 2013 00:00Current

8.5High risk

Vulners AI Score8.5

CVSS25

EPSS0.04681