{"id": "ALA_ALAS-2012-80.NASL", "bulletinFamily": "scanner", "title": "Amazon Linux AMI : python26 (ALAS-2012-80)", "description": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8,\n2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows\nremote attackers to cause a denial of service (infinite loop and CPU\nconsumption) via an XML-RPC POST request that contains a smaller\namount of data than specified by the Content-Length header.", "published": "2013-09-04T00:00:00", "modified": "2020-01-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/69687", "reporter": "This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.", "references": ["https://alas.aws.amazon.com/ALAS-2012-80.html"], "cvelist": ["CVE-2012-0845"], "type": "nessus", "lastseen": "2020-01-01T06:40:00", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:python26-debuginfo", "p-cpe:/a:amazon:linux:python26", "p-cpe:/a:amazon:linux:python26-libs", "p-cpe:/a:amazon:linux:python26-test", "p-cpe:/a:amazon:linux:python26-tools", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:python26-devel"], "cvelist": ["CVE-2012-0845"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "c1d4164e924f76046bcb3e42d62e26bc7370d93778faecd5f2287c234b33ef59", "hashmap": [{"hash": "2dc1c3316bbeba1f088544d6f5249de1", "key": "title"}, {"hash": "5ba3c9d875bfe1d4088cbfd233ef0c85", "key": "modified"}, {"hash": "a565d43b6208ac1036f1979246f8a842", "key": "description"}, {"hash": "101142e9d6889c727f7e801764e81aef", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d95ac6cf1c887bac0e4586c549505236", "key": "references"}, {"hash": "de25676891f23b04ab869e6e7840e9a3", "key": "published"}, {"hash": "6369b48f5f071a3d6bf498dcf7304a76", "key": "cvelist"}, {"hash": "8e217f9c402eca7692b6c0ea74c34409", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "f3e0471951aa3daaad428b831c6d6755", "key": "cpe"}, {"hash": "c7e47e4bba31c0bc8866ed3ed03997fa", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69687", "id": "ALA_ALAS-2012-80.NASL", "lastseen": "2018-09-01T23:41:03", "modified": "2018-04-18T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "69687", "published": "2013-09-04T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2012-80.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-80.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69687);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-0845\");\n script_xref(name:\"ALAS\", value:\"2012-80\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2012-80)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8,\n2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows\nremote attackers to cause a denial of service (infinite loop and CPU\nconsumption) via an XML-RPC POST request that contains a smaller\namount of data than specified by the Content-Length header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-80.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.8-1.45.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "title": "Amazon Linux AMI : python26 (ALAS-2012-80)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:41:03"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:python26-debuginfo", "p-cpe:/a:amazon:linux:python26", "p-cpe:/a:amazon:linux:python26-libs", "p-cpe:/a:amazon:linux:python26-test", "p-cpe:/a:amazon:linux:python26-tools", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:python26-devel"], "cvelist": ["CVE-2012-0845"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-02-21T01:19:57", "references": [{"idList": ["ALA_ALAS-2012-81.NASL", "FEDORA_2012-5916.NASL", "FEDORA_2012-5924.NASL", "FREEBSD_PKG_B4F8BE9E56B211E19FB7003067B2972C.NASL", "MANDRIVA_MDVSA-2012-097.NASL", "FEDORA_2012-5785.NASL", "FEDORA_2012-5892.NASL", "CENTOS_RHSA-2012-0744.NASL", "FEDORA_2012-9135.NASL", "ORACLELINUX_ELSA-2012-0744.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DLA-25-1:0FCA7"], "type": "debian"}, {"idList": ["F5:K75910138"], "type": "f5"}, {"idList": ["SECURITYVULNS:DOC:28232", "SECURITYVULNS:VULN:12454"], "type": "securityvulns"}, {"idList": ["ALAS-2012-098", "ALAS-2012-081", "ALAS-2012-080"], "type": "amazon"}, {"idList": ["CVE-2012-0845"], "type": "cve"}, {"idList": ["CESA-2012:0744"], "type": "centos"}, {"idList": ["SSV:30124"], "type": "seebug"}, {"idList": ["RHSA-2012:0744"], "type": "redhat"}, {"idList": ["OPENVAS:1361412562310120126", "OPENVAS:1361412562310864392", "OPENVAS:864199", "OPENVAS:136141256231071172", "OPENVAS:71172", "OPENVAS:864477", "OPENVAS:864218", "OPENVAS:1361412562310864477", "OPENVAS:1361412562310120125", "OPENVAS:1361412562310864384"], "type": "openvas"}, {"idList": ["USN-1615-1", "USN-1613-2", "USN-1596-1", "USN-1613-1", "USN-1616-1", "USN-1592-1"], "type": "ubuntu"}, {"idList": ["ELSA-2012-0744"], "type": "oraclelinux"}, {"idList": ["GLSA-201401-04"], "type": "gentoo"}, {"idList": ["B4F8BE9E-56B2-11E1-9FB7-003067B2972C"], "type": "freebsd"}]}, "score": {"modified": "2019-02-21T01:19:57", "value": 5.4, "vector": "NONE"}}, "hash": "c1d4164e924f76046bcb3e42d62e26bc7370d93778faecd5f2287c234b33ef59", "hashmap": [{"hash": "2dc1c3316bbeba1f088544d6f5249de1", "key": "title"}, {"hash": "5ba3c9d875bfe1d4088cbfd233ef0c85", "key": "modified"}, {"hash": "a565d43b6208ac1036f1979246f8a842", "key": "description"}, {"hash": "101142e9d6889c727f7e801764e81aef", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d95ac6cf1c887bac0e4586c549505236", "key": "references"}, {"hash": "de25676891f23b04ab869e6e7840e9a3", "key": "published"}, {"hash": "6369b48f5f071a3d6bf498dcf7304a76", "key": "cvelist"}, {"hash": "8e217f9c402eca7692b6c0ea74c34409", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "f3e0471951aa3daaad428b831c6d6755", "key": "cpe"}, {"hash": "c7e47e4bba31c0bc8866ed3ed03997fa", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69687", "id": "ALA_ALAS-2012-80.NASL", "lastseen": "2019-02-21T01:19:57", "modified": "2018-04-18T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "69687", "published": "2013-09-04T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2012-80.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-80.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69687);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-0845\");\n script_xref(name:\"ALAS\", value:\"2012-80\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2012-80)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8,\n2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows\nremote attackers to cause a denial of service (infinite loop and CPU\nconsumption) via an XML-RPC POST request that contains a smaller\namount of data than specified by the Content-Length header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-80.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.8-1.45.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "title": "Amazon Linux AMI : python26 (ALAS-2012-80)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss", "description", "reporter", "modified", "href"], "edition": 7, "lastseen": "2019-02-21T01:19:57"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:python26-debuginfo", "p-cpe:/a:amazon:linux:python26", "p-cpe:/a:amazon:linux:python26-libs", "p-cpe:/a:amazon:linux:python26-test", "p-cpe:/a:amazon:linux:python26-tools", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:python26-devel"], "cvelist": ["CVE-2012-0845"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "description": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8,\n2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows\nremote attackers to cause a denial of service (infinite loop and CPU\nconsumption) via an XML-RPC POST request that contains a smaller\namount of data than specified by the Content-Length header.", "edition": 10, "enchantments": {"dependencies": {"modified": "2019-12-13T06:38:54", "references": [{"idList": ["ALA_ALAS-2012-81.NASL", "FEDORA_2012-5916.NASL", "FEDORA_2012-5924.NASL", "FREEBSD_PKG_B4F8BE9E56B211E19FB7003067B2972C.NASL", "MANDRIVA_MDVSA-2012-097.NASL", "FEDORA_2012-5785.NASL", "FEDORA_2012-5892.NASL", "FEDORA_2012-9135.NASL", "REDHAT-RHSA-2012-0744.NASL", "ORACLELINUX_ELSA-2012-0744.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DLA-25-1:0FCA7"], "type": "debian"}, {"idList": ["F5:K75910138"], "type": "f5"}, {"idList": ["SECURITYVULNS:DOC:28232", "SECURITYVULNS:VULN:12454"], "type": "securityvulns"}, {"idList": ["ALAS-2012-098", "ALAS-2012-081", "ALAS-2012-080"], "type": "amazon"}, {"idList": ["CVE-2012-0845"], "type": "cve"}, {"idList": ["CESA-2012:0744"], "type": "centos"}, {"idList": ["SSV:30124"], "type": "seebug"}, {"idList": ["OPENVAS:1361412562310864218", "OPENVAS:1361412562310120126", "OPENVAS:864317", "OPENVAS:1361412562310864392", "OPENVAS:864199", "OPENVAS:136141256231071172", "OPENVAS:71172", "OPENVAS:864477", "OPENVAS:864218", "OPENVAS:1361412562310120125"], "type": "openvas"}, {"idList": ["RHSA-2012:0744"], "type": "redhat"}, {"idList": ["USN-1615-1", "USN-1613-2", "USN-1596-1", "USN-1613-1", "USN-1616-1", "USN-1592-1"], "type": "ubuntu"}, {"idList": ["ELSA-2012-0744"], "type": "oraclelinux"}, {"idList": ["GLSA-201401-04"], "type": "gentoo"}, {"idList": ["B4F8BE9E-56B2-11E1-9FB7-003067B2972C"], "type": "freebsd"}]}, "score": {"modified": "2019-12-13T06:38:54", "value": 5.4, "vector": "NONE"}}, "hash": "7b61f5b06af6e901b85a4e8fcf8be0a8fada0a850353b5cdc5a858f474bf01fc", "hashmap": [{"hash": "2dc1c3316bbeba1f088544d6f5249de1", "key": "title"}, {"hash": "d7723407cab82ee0e73ccd0ea855d025", "key": "description"}, {"hash": "101142e9d6889c727f7e801764e81aef", "key": "sourceData"}, {"hash": "d95ac6cf1c887bac0e4586c549505236", "key": "references"}, {"hash": "de25676891f23b04ab869e6e7840e9a3", "key": "published"}, {"hash": "50ed560066b3a0229045f9bda2f22aac", "key": "href"}, {"hash": "6369b48f5f071a3d6bf498dcf7304a76", "key": "cvelist"}, {"hash": "8e217f9c402eca7692b6c0ea74c34409", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "f3e0471951aa3daaad428b831c6d6755", "key": "cpe"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "528cea5b87bf77107bd9f05291bbffe5", "key": "reporter"}, {"hash": "5a7504dfe859a7ccbaf560628f6442ad", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/69687", "id": "ALA_ALAS-2012-80.NASL", "lastseen": "2019-12-13T06:38:54", "modified": "2019-12-02T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "69687", "published": "2013-09-04T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2012-80.html"], "reporter": "This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-80.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69687);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-0845\");\n script_xref(name:\"ALAS\", value:\"2012-80\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2012-80)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8,\n2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows\nremote attackers to cause a denial of service (infinite loop and CPU\nconsumption) via an XML-RPC POST request that contains a smaller\namount of data than specified by the Content-Length header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-80.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.8-1.45.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "title": "Amazon Linux AMI : python26 (ALAS-2012-80)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 10, "lastseen": "2019-12-13T06:38:54"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:python26-debuginfo", "p-cpe:/a:amazon:linux:python26", "p-cpe:/a:amazon:linux:python26-libs", "p-cpe:/a:amazon:linux:python26-test", "p-cpe:/a:amazon:linux:python26-tools", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:python26-devel"], "cvelist": ["CVE-2012-0845"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "c1d4164e924f76046bcb3e42d62e26bc7370d93778faecd5f2287c234b33ef59", "hashmap": [{"hash": "2dc1c3316bbeba1f088544d6f5249de1", "key": "title"}, {"hash": "5ba3c9d875bfe1d4088cbfd233ef0c85", "key": "modified"}, {"hash": "a565d43b6208ac1036f1979246f8a842", "key": "description"}, {"hash": "101142e9d6889c727f7e801764e81aef", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d95ac6cf1c887bac0e4586c549505236", "key": "references"}, {"hash": "de25676891f23b04ab869e6e7840e9a3", "key": "published"}, {"hash": "6369b48f5f071a3d6bf498dcf7304a76", "key": "cvelist"}, {"hash": "8e217f9c402eca7692b6c0ea74c34409", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "f3e0471951aa3daaad428b831c6d6755", "key": "cpe"}, {"hash": "c7e47e4bba31c0bc8866ed3ed03997fa", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69687", "id": "ALA_ALAS-2012-80.NASL", "lastseen": "2018-04-19T07:36:29", "modified": "2018-04-18T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "69687", "published": "2013-09-04T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2012-80.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-80.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69687);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-0845\");\n script_xref(name:\"ALAS\", value:\"2012-80\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2012-80)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8,\n2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows\nremote attackers to cause a denial of service (infinite loop and CPU\nconsumption) via an XML-RPC POST request that contains a smaller\namount of data than specified by the Content-Length header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-80.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.8-1.45.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "title": "Amazon Linux AMI : python26 (ALAS-2012-80)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-04-19T07:36:29"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:python26-debuginfo", "p-cpe:/a:amazon:linux:python26", "p-cpe:/a:amazon:linux:python26-libs", "p-cpe:/a:amazon:linux:python26-test", "p-cpe:/a:amazon:linux:python26-tools", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:python26-devel"], "cvelist": ["CVE-2012-0845"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.", "edition": 2, "enchantments": {"score": {"modified": "2017-10-29T13:36:24", "value": 5.4, "vector": "AV:N/AC:M/Au:M/C:P/I:P/A:P/"}}, "hash": "f5ed6b980f77078daf637d2ee733ae2be84840b9fd696b13de7ea17091be6e74", "hashmap": [{"hash": "362fc9049e7a6146edef1255e1e8bc14", "key": "sourceData"}, {"hash": "2dc1c3316bbeba1f088544d6f5249de1", "key": "title"}, {"hash": "a565d43b6208ac1036f1979246f8a842", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d95ac6cf1c887bac0e4586c549505236", "key": "references"}, {"hash": "de25676891f23b04ab869e6e7840e9a3", "key": "published"}, {"hash": "6369b48f5f071a3d6bf498dcf7304a76", "key": "cvelist"}, {"hash": "8e217f9c402eca7692b6c0ea74c34409", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "f3e0471951aa3daaad428b831c6d6755", "key": "cpe"}, {"hash": "c7e47e4bba31c0bc8866ed3ed03997fa", "key": "href"}, {"hash": "953188e6f812ff64dfbb546f22d3eaf8", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=69687", "id": "ALA_ALAS-2012-80.NASL", "lastseen": "2017-10-29T13:36:24", "modified": "2015-01-30T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "69687", "published": "2013-09-04T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2012-80.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-80.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69687);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/01/30 14:43:53 $\");\n\n script_cve_id(\"CVE-2012-0845\");\n script_xref(name:\"ALAS\", value:\"2012-80\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2012-80)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8,\n2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows\nremote attackers to cause a denial of service (infinite loop and CPU\nconsumption) via an XML-RPC POST request that contains a smaller\namount of data than specified by the Content-Length header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-80.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/AmazonLinux/release\")) audit(AUDIT_OS_NOT, \"Amazon Linux AMI\");\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.8-1.45.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "title": "Amazon Linux AMI : python26 (ALAS-2012-80)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:36:24"}], "edition": 11, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "f3e0471951aa3daaad428b831c6d6755"}, {"key": "cvelist", "hash": "6369b48f5f071a3d6bf498dcf7304a76"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "description", "hash": "d7723407cab82ee0e73ccd0ea855d025"}, {"key": "href", "hash": "50ed560066b3a0229045f9bda2f22aac"}, {"key": "modified", "hash": "2249940a684898a70237266de5d6dd6c"}, {"key": "naslFamily", "hash": "df5cd238ab6ba820ee0b13c493f1bcd6"}, {"key": "pluginID", "hash": "8e217f9c402eca7692b6c0ea74c34409"}, {"key": "published", "hash": "de25676891f23b04ab869e6e7840e9a3"}, {"key": "references", "hash": "d95ac6cf1c887bac0e4586c549505236"}, {"key": "reporter", "hash": "528cea5b87bf77107bd9f05291bbffe5"}, {"key": "sourceData", "hash": "101142e9d6889c727f7e801764e81aef"}, {"key": "title", "hash": "2dc1c3316bbeba1f088544d6f5249de1"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "1ffcb9b569c9b90e30ef7564902f1796d9e93775d5b375e4315638b1805de853", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0845"]}, {"type": "f5", "idList": ["F5:K75910138"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120126", "OPENVAS:1361412562310120125", "OPENVAS:136141256231071172", "OPENVAS:71172", "OPENVAS:1361412562310864392", "OPENVAS:864199", "OPENVAS:864477", "OPENVAS:864218", "OPENVAS:1361412562310864384", "OPENVAS:1361412562310864477"]}, {"type": "amazon", "idList": ["ALAS-2012-080", "ALAS-2012-081", "ALAS-2012-098"]}, {"type": "freebsd", "idList": ["B4F8BE9E-56B2-11E1-9FB7-003067B2972C"]}, {"type": "seebug", "idList": ["SSV:30124"]}, {"type": "nessus", "idList": ["ALA_ALAS-2012-81.NASL", "FREEBSD_PKG_B4F8BE9E56B211E19FB7003067B2972C.NASL", "FEDORA_2012-5892.NASL", "FEDORA_2012-5924.NASL", "FEDORA_2012-5916.NASL", "FEDORA_2012-5785.NASL", "FEDORA_2012-9135.NASL", "MANDRIVA_MDVSA-2012-097.NASL", "SUSE_11_PYTHON-RANDOMISATION-UPDATE-120516.NASL", "ORACLELINUX_ELSA-2012-0744.NASL"]}, {"type": "ubuntu", "idList": ["USN-1592-1", "USN-1615-1", "USN-1616-1", "USN-1613-2", "USN-1613-1", "USN-1596-1"]}, {"type": "redhat", "idList": ["RHSA-2012:0744"]}, {"type": "centos", "idList": ["CESA-2012:0744"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0744"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12454", "SECURITYVULNS:DOC:28232"]}, {"type": "gentoo", "idList": ["GLSA-201401-04"]}, {"type": "debian", "idList": ["DEBIAN:DLA-25-1:0FCA7"]}], "modified": "2020-01-01T06:40:00"}, "score": {"value": 5.4, "vector": "NONE", "modified": "2020-01-01T06:40:00"}, "vulnersScore": 5.4}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-80.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69687);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-0845\");\n script_xref(name:\"ALAS\", value:\"2012-80\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2012-80)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8,\n2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows\nremote attackers to cause a denial of service (infinite loop and CPU\nconsumption) via an XML-RPC POST request that contains a smaller\namount of data than specified by the Content-Length header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-80.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.8-1.45.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.8-1.45.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "naslFamily": "Amazon Linux Local Security Checks", "pluginID": "69687", "cpe": ["p-cpe:/a:amazon:linux:python26-debuginfo", "p-cpe:/a:amazon:linux:python26", "p-cpe:/a:amazon:linux:python26-libs", "p-cpe:/a:amazon:linux:python26-test", "p-cpe:/a:amazon:linux:python26-tools", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:python26-devel"], "scheme": null}

{"cve": [{"lastseen": "2020-01-22T14:14:08", "bulletinFamily": "NVD", "description": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.", "modified": "2019-10-25T11:53:00", "id": "CVE-2012-0845", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0845", "published": "2012-10-05T21:55:00", "title": "CVE-2012-0845", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2020-01-23T02:27:39", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2018-09-12T00:17:00", "published": "2018-09-12T00:17:00", "id": "F5:K75910138", "href": "https://support.f5.com/csp/article/K75910138", "title": "Python vulnerabilities CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, and CVE-2012-1150", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:39:07", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120126", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120126", "title": "Amazon Linux Local Check: ALAS-2012-81", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2012-81.nasl 6578 2017-07-06 13:44:33Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120126\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:18:09 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2012-81\");\n script_tag(name:\"insight\", value:\"SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.\");\n script_tag(name:\"solution\", value:\"Run yum update python27 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-81.html\");\n script_cve_id(\"CVE-2012-0845\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"python27\", rpm:\"python27~2.7.3~1.18.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27-libs\", rpm:\"python27-libs~2.7.3~1.18.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27-devel\", rpm:\"python27-devel~2.7.3~1.18.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27-test\", rpm:\"python27-test~2.7.3~1.18.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27-tools\", rpm:\"python27-tools~2.7.3~1.18.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27-debuginfo\", rpm:\"python27-debuginfo~2.7.3~1.18.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:42", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120125", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120125", "title": "Amazon Linux Local Check: ALAS-2012-80", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2012-80.nasl 6578 2017-07-06 13:44:33Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120125\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:18:08 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2012-80\");\n script_tag(name:\"insight\", value:\"SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.\");\n script_tag(name:\"solution\", value:\"Run yum update python26 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-80.html\");\n script_cve_id(\"CVE-2012-0845\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"python26-devel\", rpm:\"python26-devel~2.6.8~1.45.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python26-tools\", rpm:\"python26-tools~2.6.8~1.45.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python26-test\", rpm:\"python26-test~2.6.8~1.45.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python26-debuginfo\", rpm:\"python26-debuginfo~2.6.8~1.45.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python26\", rpm:\"python26~2.6.8~1.45.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python26-libs\", rpm:\"python26-libs~2.6.8~1.45.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-03-12T00:00:00", "id": "OPENVAS:136141256231071172", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071172", "title": "FreeBSD Ports: python32", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_python32.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID b4f8be9e-56b2-11e1-9fb7-003067b2972c\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71172\");\n script_cve_id(\"CVE-2012-0845\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:07 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"FreeBSD Ports: python32\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n python32\n python31\n python27\n python26\n python25\n python24\n pypy\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue14001\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=789790\");\n script_xref(name:\"URL\", value:\"https://bugs.pypy.org/issue1047\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"python32\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.2.2_2\")<=0) {\n txt += \"Package python32 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"python31\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.1.4_2\")<=0) {\n txt += \"Package python31 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"python27\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.7.2_3\")<=0) {\n txt += \"Package python27 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"python26\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.6.7_2\")<=0) {\n txt += \"Package python26 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"python25\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.6_2\")<=0) {\n txt += \"Package python25 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"python24\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.4.5_8\")<=0) {\n txt += \"Package python24 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"pypy\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7\")<=0) {\n txt += \"Package pypy version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-02T21:10:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-19T00:00:00", "published": "2012-03-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71172", "id": "OPENVAS:71172", "title": "FreeBSD Ports: python32", "type": "openvas", "sourceData": "#\n#VID b4f8be9e-56b2-11e1-9fb7-003067b2972c\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID b4f8be9e-56b2-11e1-9fb7-003067b2972c\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n python32\n python31\n python27\n python26\n python25\n python24\n pypy\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.python.org/issue14001\nhttps://bugzilla.redhat.com/show_bug.cgi?id=789790\nhttps://bugs.pypy.org/issue1047\nhttp://www.vuxml.org/freebsd/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71172);\n script_cve_id(\"CVE-2012-0845\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_version(\"$Revision: 5977 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-19 11:02:22 +0200 (Wed, 19 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-12 11:35:07 -0400 (Mon, 12 Mar 2012)\");\n script_name(\"FreeBSD Ports: python32\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"python32\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.2.2_2\")<=0) {\n txt += \"Package python32 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"python31\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.1.4_2\")<=0) {\n txt += \"Package python31 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"python27\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.7.2_3\")<=0) {\n txt += \"Package python27 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"python26\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.6.7_2\")<=0) {\n txt += \"Package python26 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"python25\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.6_2\")<=0) {\n txt += \"Package python25 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"python24\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.4.5_8\")<=0) {\n txt += \"Package python24 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"pypy\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7\")<=0) {\n txt += \"Package pypy version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864392", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864392", "title": "Fedora Update for python-docs FEDORA-2012-5892", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-docs FEDORA-2012-5892\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079569.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864392\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:07:36 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-5892\");\n script_name(\"Fedora Update for python-docs FEDORA-2012-5892\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-docs'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"python-docs on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.7.3~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-01-08T12:58:51", "bulletinFamily": "scanner", "description": "Check for the Version of python3", "modified": "2018-01-08T00:00:00", "published": "2012-05-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864199", "id": "OPENVAS:864199", "title": "Fedora Update for python3 FEDORA-2012-5916", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2012-5916\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"python3 on Fedora 15\";\ntag_insight = \"Python 3 is a new version of the language that is incompatible with the 2.x\n line of releases. The language is mostly the same, but many details, especially\n how built-in objects like dictionaries and strings work, have changed\n considerably, and a lot of deprecated features have finally been removed.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079698.html\");\n script_id(864199);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-04 10:45:29 +0530 (Fri, 04 May 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-5916\");\n script_name(\"Fedora Update for python3 FEDORA-2012-5916\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.2.3~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:56:40", "bulletinFamily": "scanner", "description": "Check for the Version of python3", "modified": "2018-01-03T00:00:00", "published": "2012-06-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864477", "id": "OPENVAS:864477", "title": "Fedora Update for python3 FEDORA-2012-9135", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2012-9135\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"python3 on Fedora 16\";\ntag_insight = \"Python 3 is a new version of the language that is incompatible with the 2.x\n line of releases. The language is mostly the same, but many details, especially\n how built-in objects like dictionaries and strings work, have changed\n considerably, and a lot of deprecated features have finally been removed.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082457.html\");\n script_id(864477);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-22 10:24:46 +0530 (Fri, 22 Jun 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-9135\");\n script_name(\"Fedora Update for python3 FEDORA-2012-9135\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.2.3~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:06:24", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2018-01-04T00:00:00", "published": "2012-05-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=864218", "id": "OPENVAS:864218", "title": "Fedora Update for python FEDORA-2012-5924", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2012-5924\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language often compared to Tcl, Perl, Scheme or Java. Python includes\n modules, classes, exceptions, very high level dynamic data types and\n dynamic typing. Python supports interfaces to many system calls and\n libraries, as well as to various windowing systems (X11, Motif, Tk,\n Mac and MFC).\n\n Programmers can write new built-in modules for Python in C or C++.\n Python can be used as an extension language for applications that need\n a programmable interface.\n\n Note that documentation for Python is provided in the python-docs\n package.\n\n This package provides the &quot;python&quot; executable; most of the actual\n implementation is within the &quot;python-libs&quot; package.\";\n\ntag_affected = \"python on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079978.html\");\n script_id(864218);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-05-08 12:34:52 +0530 (Tue, 08 May 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2012-5924\");\n script_name(\"Fedora Update for python FEDORA-2012-5924\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.3~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:59", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864384", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864384", "title": "Fedora Update for python FEDORA-2012-5892", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2012-5892\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079570.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864384\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:06:37 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-5892\");\n script_name(\"Fedora Update for python FEDORA-2012-5892\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"python on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.3~3.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:56", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-06-22T00:00:00", "id": "OPENVAS:1361412562310864477", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864477", "title": "Fedora Update for python3 FEDORA-2012-9135", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2012-9135\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082457.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864477\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-22 10:24:46 +0530 (Fri, 22 Jun 2012)\");\n script_cve_id(\"CVE-2012-1150\", \"CVE-2012-0845\", \"CVE-2011-3389\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"FEDORA\", value:\"2012-9135\");\n script_name(\"Fedora Update for python3 FEDORA-2012-9135\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"python3 on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.2.3~2.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2019-05-29T17:22:32", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nSimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.\n\n \n**Affected Packages:** \n\n\npython26\n\n \n**Issue Correction:** \nRun _yum update python26_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n python26-devel-2.6.8-1.45.amzn1.i686 \n python26-tools-2.6.8-1.45.amzn1.i686 \n python26-test-2.6.8-1.45.amzn1.i686 \n python26-debuginfo-2.6.8-1.45.amzn1.i686 \n python26-2.6.8-1.45.amzn1.i686 \n python26-libs-2.6.8-1.45.amzn1.i686 \n \n src: \n python26-2.6.8-1.45.amzn1.src \n \n x86_64: \n python26-debuginfo-2.6.8-1.45.amzn1.x86_64 \n python26-devel-2.6.8-1.45.amzn1.x86_64 \n python26-2.6.8-1.45.amzn1.x86_64 \n python26-libs-2.6.8-1.45.amzn1.x86_64 \n python26-test-2.6.8-1.45.amzn1.x86_64 \n python26-tools-2.6.8-1.45.amzn1.x86_64 \n \n \n", "modified": "2014-09-14T16:11:00", "published": "2014-09-14T16:11:00", "id": "ALAS-2012-080", "href": "https://alas.aws.amazon.com/ALAS-2012-80.html", "title": "Medium: python26", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:22:25", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nSimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.\n\n \n**Affected Packages:** \n\n\npython27\n\n \n**Issue Correction:** \nRun _yum update python27_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n python27-2.7.3-1.18.amzn1.i686 \n python27-libs-2.7.3-1.18.amzn1.i686 \n python27-devel-2.7.3-1.18.amzn1.i686 \n python27-test-2.7.3-1.18.amzn1.i686 \n python27-tools-2.7.3-1.18.amzn1.i686 \n python27-debuginfo-2.7.3-1.18.amzn1.i686 \n \n src: \n python27-2.7.3-1.18.amzn1.src \n \n x86_64: \n python27-libs-2.7.3-1.18.amzn1.x86_64 \n python27-tools-2.7.3-1.18.amzn1.x86_64 \n python27-2.7.3-1.18.amzn1.x86_64 \n python27-test-2.7.3-1.18.amzn1.x86_64 \n python27-devel-2.7.3-1.18.amzn1.x86_64 \n python27-debuginfo-2.7.3-1.18.amzn1.x86_64 \n \n \n", "modified": "2014-09-14T16:12:00", "published": "2014-09-14T16:12:00", "id": "ALAS-2012-081", "href": "https://alas.aws.amazon.com/ALAS-2012-81.html", "title": "Medium: python27", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T17:22:50", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. ([CVE-2012-1150 __](<https://access.redhat.com/security/cve/CVE-2012-1150>))\n\nNote: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new \"PYTHONHASHSEED\" environment variable or the Python interpreter's \"-R\" command line option can be used. Refer to the python(1) manual page for details.\n\nA flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. A remote attacker could use this flaw to cause excessive CPU consumption on a server using SimpleXMLRPCServer. ([CVE-2012-0845 __](<https://access.redhat.com/security/cve/CVE-2012-0845>))\n\nA flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). ([CVE-2011-4940 __](<https://access.redhat.com/security/cve/CVE-2011-4940>))\n\nA race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories. ([CVE-2011-4944 __](<https://access.redhat.com/security/cve/CVE-2011-4944>))\n\n \n**Affected Packages:** \n\n\npython26\n\n \n**Issue Correction:** \nRun _yum update python26_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n python26-2.6.8-2.28.amzn1.i686 \n python26-test-2.6.8-2.28.amzn1.i686 \n python26-debuginfo-2.6.8-2.28.amzn1.i686 \n python26-libs-2.6.8-2.28.amzn1.i686 \n python26-devel-2.6.8-2.28.amzn1.i686 \n python26-tools-2.6.8-2.28.amzn1.i686 \n \n src: \n python26-2.6.8-2.28.amzn1.src \n \n x86_64: \n python26-devel-2.6.8-2.28.amzn1.x86_64 \n python26-debuginfo-2.6.8-2.28.amzn1.x86_64 \n python26-test-2.6.8-2.28.amzn1.x86_64 \n python26-tools-2.6.8-2.28.amzn1.x86_64 \n python26-libs-2.6.8-2.28.amzn1.x86_64 \n python26-2.6.8-2.28.amzn1.x86_64 \n \n \n", "modified": "2014-09-14T16:31:00", "published": "2014-09-14T16:31:00", "id": "ALAS-2012-098", "href": "https://alas.aws.amazon.com/ALAS-2012-98.html", "title": "Low: python26", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:53", "bulletinFamily": "unix", "description": "\nJan Lieskovsky reports,\n\nA denial of service flaw was found in the way Simple XML-RPC\n\t Server module of Python processed client connections, that were\n\t closed prior the complete request body has been received. A\n\t remote attacker could use this flaw to cause Python Simple\n\t XML-RPC based server process to consume excessive amount of\n\t CPU.\n\n", "modified": "2012-02-26T00:00:00", "published": "2012-02-13T00:00:00", "id": "B4F8BE9E-56B2-11E1-9FB7-003067B2972C", "href": "https://vuxml.freebsd.org/freebsd/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html", "title": "Python -- DoS via malformed XML-RPC / HTTP POST request", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "seebug": [{"lastseen": "2017-11-19T17:57:53", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 51996\r\nCVE ID: CVE-2012-0845\r\n\r\nPython\u662f\u4e00\u79cd\u9762\u5411\u5bf9\u8c61\u3001\u76f4\u8bd1\u5f0f\u8ba1\u7b97\u673a\u7a0b\u5e8f\u8bbe\u8ba1\u8bed\u8a00\uff0c\u4e5f\u662f\u4e00\u79cd\u529f\u80fd\u5f3a\u5927\u7684\u901a\u7528\u578b\u8bed\u8a00\u3002\r\n\r\nPython\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236\u7684HTTP POST\u8bf7\u6c42\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\r\n\r\n\u6b64\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5904\u7406POST\u8bf7\u6c42\u65f6\uff0c&quot;SimpleXMLRPCRequestHandler.do_POST()&quot;\u65b9\u6cd5\u6ca1\u6709\u6b63\u786e\u5904\u7406EOF\uff0c\u53ef\u901a\u8fc7\u7279\u5236\u7684\u8bf7\u6c42\u5bfc\u81f4\u8f83\u9ad8\u7684CPU\u6d88\u8017\u3002\n0\npython 3.x\r\npython 2.7.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPython\r\n------\r\n\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\n\r\nwww.python.org", "modified": "2012-02-16T00:00:00", "published": "2012-02-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30124", "id": "SSV:30124", "title": "Python SimpleXMLRPCServer\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "\n $ echo -e 'POST /RPC2 HTTP/1.0\\r\\nContent-Length: 100\\r\\n\\r\\nlol bye' | nc localhost 12345\n ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-30124"}], "nessus": [{"lastseen": "2020-01-01T06:40:00", "bulletinFamily": "scanner", "description": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8,\n2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows\nremote attackers to cause a denial of service (infinite loop and CPU\nconsumption) via an XML-RPC POST request that contains a smaller\namount of data than specified by the Content-Length header.", "modified": "2020-01-02T00:00:00", "id": "ALA_ALAS-2012-81.NASL", "href": "https://www.tenable.com/plugins/nessus/69688", "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : python27 (ALAS-2012-81)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-81.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69688);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-0845\");\n script_xref(name:\"ALAS\", value:\"2012-81\");\n\n script_name(english:\"Amazon Linux AMI : python27 (ALAS-2012-81)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8,\n2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows\nremote attackers to cause a denial of service (infinite loop and CPU\nconsumption) via an XML-RPC POST request that contains a smaller\namount of data than specified by the Content-Length header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-81.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python27' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python27-2.7.3-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-debuginfo-2.7.3-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-devel-2.7.3-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-libs-2.7.3-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-test-2.7.3-1.18.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-tools-2.7.3-1.18.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python27 / python27-debuginfo / python27-devel / python27-libs / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-01T07:45:31", "bulletinFamily": "scanner", "description": "Jan Lieskovsky reports,\n\nA denial of service flaw was found in the way Simple XML-RPC Server\nmodule of Python processed client connections, that were closed prior\nthe complete request body has been received. A remote attacker could\nuse this flaw to cause Python Simple XML-RPC based server process to\nconsume excessive amount of CPU.", "modified": "2020-01-02T00:00:00", "id": "FREEBSD_PKG_B4F8BE9E56B211E19FB7003067B2972C.NASL", "href": "https://www.tenable.com/plugins/nessus/57926", "published": "2012-02-14T00:00:00", "title": "FreeBSD : Python -- DoS via malformed XML-RPC / HTTP POST request (b4f8be9e-56b2-11e1-9fb7-003067b2972c)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57926);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/23 12:49:57\");\n\n script_cve_id(\"CVE-2012-0845\");\n\n script_name(english:\"FreeBSD : Python -- DoS via malformed XML-RPC / HTTP POST request (b4f8be9e-56b2-11e1-9fb7-003067b2972c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jan Lieskovsky reports,\n\nA denial of service flaw was found in the way Simple XML-RPC Server\nmodule of Python processed client connections, that were closed prior\nthe complete request body has been received. A remote attacker could\nuse this flaw to cause Python Simple XML-RPC based server process to\nconsume excessive amount of CPU.\"\n );\n # http://bugs.python.org/issue14001\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.python.org/issue14001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=789790\"\n );\n # https://bugs.pypy.org/issue1047\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://web.archive.org/liveweb/https://bugs.pypy.org/issue1047\"\n );\n # https://vuxml.freebsd.org/freebsd/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e2b6abf4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:pypy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python25\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python31\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python32\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"python32<=3.2.2_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"python31<=3.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"python27<=2.7.2_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"python26<=2.6.7_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"python25<=2.5.6_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"python24<=2.4.5_8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"pypy<=1.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-01T07:07:02", "bulletinFamily": "scanner", "description": "Rebase of Python 2 (", "modified": "2020-01-02T00:00:00", "id": "FEDORA_2012-5924.NASL", "href": "https://www.tenable.com/plugins/nessus/58997", "published": "2012-05-07T00:00:00", "title": "Fedora 16 : python-2.7.3-1.fc16 / python-docs-2.7.3-1.fc16 (2012-5924) (BEAST)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5924.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58997);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0845\", \"CVE-2012-1150\");\n script_bugtraq_id(49778, 51239, 51996);\n script_xref(name:\"FEDORA\", value:\"2012-5924\");\n\n script_name(english:\"Fedora 16 : python-2.7.3-1.fc16 / python-docs-2.7.3-1.fc16 (2012-5924) (BEAST)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase of Python 2 ('python' and 'python-docs') from 2.7.2 to 2.7.3\nbringing in security fixes, along with other bugfixes.\n\nSee http://python.org/download/releases/2.7.3/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://python.org/download/releases/2.7.3/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.python.org/download/releases/2.7.3/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=750555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=789790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=812068\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/079978.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16ed5efa\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/079979.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6c0f47e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python and / or python-docs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"python-2.7.3-1.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"python-docs-2.7.3-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-docs\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-01T07:07:02", "bulletinFamily": "scanner", "description": "Rebase of Python 2 (", "modified": "2020-01-02T00:00:00", "id": "FEDORA_2012-5892.NASL", "href": "https://www.tenable.com/plugins/nessus/58956", "published": "2012-05-02T00:00:00", "title": "Fedora 17 : python-2.7.3-3.fc17 / python-docs-2.7.3-1.fc17 (2012-5892) (BEAST)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5892.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58956);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0845\", \"CVE-2012-1150\");\n script_bugtraq_id(49778, 51239, 51996);\n script_xref(name:\"FEDORA\", value:\"2012-5892\");\n\n script_name(english:\"Fedora 17 : python-2.7.3-3.fc17 / python-docs-2.7.3-1.fc17 (2012-5892) (BEAST)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase of Python 2 ('python') from 2.7.2 to 2.7.3, bringing in\nsecurity fixes, along with numerous other bugfixes.\n\nSee http://python.org/download/releases/2.7.3/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://python.org/download/releases/2.7.3/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.python.org/download/releases/2.7.3/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=750555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=789790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=812068\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/079569.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da059612\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/079570.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0e5e969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python and / or python-docs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"python-2.7.3-3.fc17\")) flag++;\nif (rpm_check(release:\"FC17\", reference:\"python-docs-2.7.3-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-docs\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-01T07:07:02", "bulletinFamily": "scanner", "description": "Rebase of Python 3 (", "modified": "2020-01-02T00:00:00", "id": "FEDORA_2012-5916.NASL", "href": "https://www.tenable.com/plugins/nessus/58979", "published": "2012-05-04T00:00:00", "title": "Fedora 15 : python3-3.2.3-1.fc15 (2012-5916) (BEAST)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5916.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58979);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0845\", \"CVE-2012-1150\");\n script_bugtraq_id(49778, 51239, 51996);\n script_xref(name:\"FEDORA\", value:\"2012-5916\");\n\n script_name(english:\"Fedora 15 : python3-3.2.3-1.fc15 (2012-5916) (BEAST)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase of Python 3 ('python3') from 3.2 to 3.2.3 bringing in security\nfixes, along with other bugfixes.\n\nSee http://python.org/download/releases/3.2.3/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://python.org/download/releases/3.2.3/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.python.org/download/releases/3.2.3/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=750555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=789790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=812068\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/079698.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9a2c301b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"python3-3.2.3-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-01T07:07:02", "bulletinFamily": "scanner", "description": "Rebase of python3 from 3.2.2 to 3.2.3 bringing in security fixes,\nalong with other bugfixes.\n\nSee http://python.org/download/releases/3.2.3/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-01-02T00:00:00", "id": "FEDORA_2012-5785.NASL", "href": "https://www.tenable.com/plugins/nessus/58996", "published": "2012-05-07T00:00:00", "title": "Fedora 17 : python3-3.2.3-5.fc17 (2012-5785) (BEAST)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-5785.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58996);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/12/24 10:14:27\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0845\", \"CVE-2012-1150\");\n script_bugtraq_id(49778, 51239, 51996);\n script_xref(name:\"FEDORA\", value:\"2012-5785\");\n\n script_name(english:\"Fedora 17 : python3-3.2.3-5.fc17 (2012-5785) (BEAST)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Rebase of python3 from 3.2.2 to 3.2.3 bringing in security fixes,\nalong with other bugfixes.\n\nSee http://python.org/download/releases/3.2.3/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://python.org/download/releases/3.2.3/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.python.org/download/releases/3.2.3/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=750555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=789790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=812068\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/080066.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e96a7c4e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"python3-3.2.3-5.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-01T07:07:03", "bulletinFamily": "scanner", "description": "Fixes debug build systemtap support. Rebase of python3 from 3.2.1 to\n3.2.3 bringing in security fixes, along with many other bug fixes. The\ncompiled *.pyc and *.pyo files are now properly compiled so python3\ndoesn", "modified": "2020-01-02T00:00:00", "id": "FEDORA_2012-9135.NASL", "href": "https://www.tenable.com/plugins/nessus/59580", "published": "2012-06-20T00:00:00", "title": "Fedora 16 : python3-3.2.3-2.fc16 (2012-9135) (BEAST)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9135.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59580);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2011-3389\", \"CVE-2012-0845\", \"CVE-2012-1150\");\n script_bugtraq_id(49778, 51239, 51996);\n script_xref(name:\"FEDORA\", value:\"2012-9135\");\n\n script_name(english:\"Fedora 16 : python3-3.2.3-2.fc16 (2012-9135) (BEAST)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes debug build systemtap support. Rebase of python3 from 3.2.1 to\n3.2.3 bringing in security fixes, along with many other bug fixes. The\ncompiled *.pyc and *.pyo files are now properly compiled so python3\ndoesn't try to recompile them over and over on runtime anymore.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=750555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=789790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=812068\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082457.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b72781c3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/08\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"python3-3.2.3-2.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-01T00:18:12", "bulletinFamily": "scanner", "description": "Multiple vulnerabilities has been discovered and corrected in python :\n\nThe _ssl module would always disable the CBC IV attack countermeasure\n(CVE-2011-3389).\n\nA race condition was found in the way the Python distutils module set\nfile permissions during the creation of the .pypirc file. If a local\nuser had access to the home directory of another user who is running\ndistutils, they could use this flaw to gain access to that user", "modified": "2020-01-02T00:00:00", "id": "MANDRIVA_MDVSA-2012-097.NASL", "href": "https://www.tenable.com/plugins/nessus/61956", "published": "2012-09-06T00:00:00", "title": "Mandriva Linux Security Advisory : python (MDVSA-2012:097)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:097. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61956);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/08/02 13:32:54\");\n\n script_cve_id(\n \"CVE-2011-3389\",\n \"CVE-2011-4944\",\n \"CVE-2012-0845\",\n \"CVE-2012-0876\",\n \"CVE-2012-1150\"\n );\n script_bugtraq_id(\n 49778,\n 51239,\n 51996,\n 52379,\n 52732\n );\n script_xref(name:\"MDVSA\", value:\"2012:097\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python (MDVSA-2012:097)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in python :\n\nThe _ssl module would always disable the CBC IV attack countermeasure\n(CVE-2011-3389).\n\nA race condition was found in the way the Python distutils module set\nfile permissions during the creation of the .pypirc file. If a local\nuser had access to the home directory of another user who is running\ndistutils, they could use this flaw to gain access to that user's\n.pypirc file, which can contain usernames and passwords for code\nrepositories (CVE-2011-4944).\n\nA flaw was found in the way the Python SimpleXMLRPCServer module\nhandled clients disconnecting prematurely. A remote attacker could use\nthis flaw to cause excessive CPU consumption on a server using\nSimpleXMLRPCServer (CVE-2012-0845).\n\nHash table collisions CPU usage DoS for the embedded copy of expat\n(CVE-2012-0876).\n\nA denial of service flaw was found in the implementation of\nassociative arrays (dictionaries) in Python. An attacker able to\nsupply a large number of inputs to a Python application (such as HTTP\nPOST request parameters sent to a web application) that are used as\nkeys when inserting data into an array could trigger multiple hash\nfunction collisions, making array operations take an excessive amount\nof CPU time. To mitigate this issue, randomization has been added to\nthe hash function to reduce the chance of an attacker successfully\ncausing intentional collisions (CVE-2012-1150).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpython-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpython2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter-apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64python-devel-2.7.2-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64python2.7-2.7.2-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libpython-devel-2.7.2-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libpython2.7-2.7.2-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"python-2.7.2-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"python-docs-2.7.2-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"tkinter-2.7.2-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", reference:\"tkinter-apps-2.7.2-2.2-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-01T01:45:42", "bulletinFamily": "scanner", "description": "This update to python 2.6.8 fixes the following bugs, among others :\n\n - XMLRPC Server DoS. (CVE-2012-0845, bnc#747125)\n\n - hash randomization issues. (CVE-2012-1150, bnc#751718)\n\n - insecure creation of .pypirc. (CVE-2011-4944,\n bnc#754447)\n\n - SimpleHTTPServer XSS. (CVE-2011-1015, bnc#752375)\n\n - functions can accept unicode kwargs. (bnc#744287)\n\n - python MainThread lacks ident. (bnc#754547)\n\n - TypeError: waitpid() takes no keyword arguments.\n (bnc#751714)\n\n - Source code exposure in CGIHTTPServer module.\n (CVE-2011-1015, bnc#674646)\n\n - Insecure redirect processing in urllib2 (CVE-2011-1521,\n bnc#682554) The hash randomization fix is by default\n disabled to keep compatibility with existing python code\n when it extracts hashes.\n\nTo enable the hash seed randomization you can use: - pass -R to the\npython interpreter commandline. - set the environment variable\nPYTHONHASHSEED=random to enable it for programs. You can also set this\nenvironment variable to a fixed hash seed by specifying a integer\nvalue between 0 and MAX_UINT.\n\nIn generally enabling this is only needed when malicious third parties\ncan inject values into your hash tables.\n\nThe update to 2.6.8 also provides many compatibility fixes with\nOpenStack.", "modified": "2020-01-02T00:00:00", "id": "SUSE_11_PYTHON-RANDOMISATION-UPDATE-120516.NASL", "href": "https://www.tenable.com/plugins/nessus/64220", "published": "2013-01-25T00:00:00", "title": "SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64220);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:56:04 $\");\n\n script_cve_id(\"CVE-2011-1015\", \"CVE-2011-1521\", \"CVE-2011-4944\", \"CVE-2012-0845\", \"CVE-2012-1150\");\n\n script_name(english:\"SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to python 2.6.8 fixes the following bugs, among others :\n\n - XMLRPC Server DoS. (CVE-2012-0845, bnc#747125)\n\n - hash randomization issues. (CVE-2012-1150, bnc#751718)\n\n - insecure creation of .pypirc. (CVE-2011-4944,\n bnc#754447)\n\n - SimpleHTTPServer XSS. (CVE-2011-1015, bnc#752375)\n\n - functions can accept unicode kwargs. (bnc#744287)\n\n - python MainThread lacks ident. (bnc#754547)\n\n - TypeError: waitpid() takes no keyword arguments.\n (bnc#751714)\n\n - Source code exposure in CGIHTTPServer module.\n (CVE-2011-1015, bnc#674646)\n\n - Insecure redirect processing in urllib2 (CVE-2011-1521,\n bnc#682554) The hash randomization fix is by default\n disabled to keep compatibility with existing python code\n when it extracts hashes.\n\nTo enable the hash seed randomization you can use: - pass -R to the\npython interpreter commandline. - set the environment variable\nPYTHONHASHSEED=random to enable it for programs. You can also set this\nenvironment variable to a fixed hash seed by specifying a integer\nvalue between 0 and MAX_UINT.\n\nIn generally enabling this is only needed when malicious third parties\ncan inject values into your hash tables.\n\nThe update to 2.6.8 also provides many compatibility fixes with\nOpenStack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=744287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=748079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=751714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=751718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=752375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1521.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4944.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0845.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1150.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6310.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpython2_6-1_0-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpython2_6-1_0-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-base-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-base-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-curses-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-devel-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-tk-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-xml-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libpython2_6-1_0-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libpython2_6-1_0-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-base-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-base-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-curses-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-demo-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-doc-2.6-8.13.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-doc-pdf-2.6-8.13.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-gdbm-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-idle-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-tk-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-xml-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libpython2_6-1_0-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libpython2_6-1_0-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-base-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-base-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-curses-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-demo-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-doc-2.6-8.13.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-doc-pdf-2.6-8.13.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-gdbm-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-idle-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-tk-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-xml-2.6.8-0.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-01T01:01:16", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:0744 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA denial of service flaw was found in the implementation of\nassociative arrays (dictionaries) in Python. An attacker able to\nsupply a large number of inputs to a Python application (such as HTTP\nPOST request parameters sent to a web application) that are used as\nkeys when inserting data into an array could trigger multiple hash\nfunction collisions, making array operations take an excessive amount\nof CPU time. To mitigate this issue, randomization has been added to\nthe hash function to reduce the chance of an attacker successfully\ncausing intentional collisions. (CVE-2012-1150)\n\nNote: The hash randomization is not enabled by default as it may break\napplications that incorrectly depend on dictionary ordering. To enable\nthe protection, the new ", "modified": "2020-01-02T00:00:00", "id": "ORACLELINUX_ELSA-2012-0744.NASL", "href": "https://www.tenable.com/plugins/nessus/68545", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : python (ELSA-2012-0744)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0744 and \n# Oracle Linux Security Advisory ELSA-2012-0744 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68545);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/30 10:58:17\");\n\n script_cve_id(\"CVE-2011-4940\", \"CVE-2011-4944\", \"CVE-2012-0845\", \"CVE-2012-1150\");\n script_bugtraq_id(51239, 51996, 52379, 52732);\n script_xref(name:\"RHSA\", value:\"2012:0744\");\n\n script_name(english:\"Oracle Linux 6 : python (ELSA-2012-0744)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0744 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA denial of service flaw was found in the implementation of\nassociative arrays (dictionaries) in Python. An attacker able to\nsupply a large number of inputs to a Python application (such as HTTP\nPOST request parameters sent to a web application) that are used as\nkeys when inserting data into an array could trigger multiple hash\nfunction collisions, making array operations take an excessive amount\nof CPU time. To mitigate this issue, randomization has been added to\nthe hash function to reduce the chance of an attacker successfully\ncausing intentional collisions. (CVE-2012-1150)\n\nNote: The hash randomization is not enabled by default as it may break\napplications that incorrectly depend on dictionary ordering. To enable\nthe protection, the new 'PYTHONHASHSEED' environment variable or the\nPython interpreter's '-R' command line option can be used. Refer to\nthe python(1) manual page for details.\n\nThe RHSA-2012:0731 expat erratum must be installed with this update,\nwhich adds hash randomization to the Expat library used by the Python\npyexpat module.\n\nA flaw was found in the way the Python SimpleXMLRPCServer module\nhandled clients disconnecting prematurely. A remote attacker could use\nthis flaw to cause excessive CPU consumption on a server using\nSimpleXMLRPCServer. (CVE-2012-0845)\n\nA flaw was found in the way the Python SimpleHTTPServer module\ngenerated directory listings. An attacker able to upload a file with a\nspecially crafted name to a server could possibly perform a cross-site\nscripting (XSS) attack against victims visiting a listing page\ngenerated by SimpleHTTPServer, for a directory containing the crafted\nfile (if the victims were using certain web browsers). (CVE-2011-4940)\n\nA race condition was found in the way the Python distutils module set\nfile permissions during the creation of the .pypirc file. If a local\nuser had access to the home directory of another user who is running\ndistutils, they could use this flaw to gain access to that user's\n.pypirc file, which can contain usernames and passwords for code\nrepositories. (CVE-2011-4944)\n\nRed Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT\nacknowledges Julian Walde and Alexander Klink as the original\nreporters of CVE-2012-1150.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-June/002866.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"python-2.6.6-29.el6_2.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-devel-2.6.6-29.el6_2.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-libs-2.6.6-29.el6_2.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-test-2.6.6-29.el6_2.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-tools-2.6.6-29.el6_2.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tkinter-2.6.6-29.el6_2.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-libs / python-test / python-tools / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T17:20:59", "bulletinFamily": "unix", "description": "Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This update adds the \u2018-R\u2019 command line option and honors setting the PYTHONHASHSEED environment variable to \u2018random\u2019 to salt str and datetime objects with an unpredictable value. (CVE-2012-1150)", "modified": "2012-10-02T00:00:00", "published": "2012-10-02T00:00:00", "id": "USN-1592-1", "href": "https://usn.ubuntu.com/1592-1/", "title": "Python 2.7 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T17:21:51", "bulletinFamily": "unix", "description": "It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This update adds the \u2018-R\u2019 command line option and honors setting the PYTHONHASHSEED environment variable to \u2018random\u2019 to salt str and datetime objects with an unpredictable value. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2012-1150)\n\nSerhiy Storchaka discovered that the UTF16 decoder in Python did not properly reset internal variables after error handling. An attacker could exploit this to cause a denial of service via memory corruption. This issue did not affect Ubuntu 12.10. (CVE-2012-2135)", "modified": "2012-10-23T00:00:00", "published": "2012-10-23T00:00:00", "id": "USN-1615-1", "href": "https://usn.ubuntu.com/1615-1/", "title": "Python 3.2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T17:22:38", "bulletinFamily": "unix", "description": "It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input validation. If a user or automatated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. These issues only affected Ubuntu 10.04 LTS. (CVE-2010-1634, CVE-2010-2089)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This update adds the \u2018-R\u2019 command line option and honors setting the PYTHONHASHSEED environment variable to \u2018random\u2019 to salt str and datetime objects with an unpredictable value. (CVE-2012-1150)\n\nSerhiy Storchaka discovered that the UTF16 decoder in Python did not properly reset internal variables after error handling. An attacker could exploit this to cause a denial of service via memory corruption. (CVE-2012-2135)", "modified": "2012-10-24T00:00:00", "published": "2012-10-24T00:00:00", "id": "USN-1616-1", "href": "https://usn.ubuntu.com/1616-1/", "title": "Python 3.1 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:21:52", "bulletinFamily": "unix", "description": "USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4.\n\nOriginal advisory details:\n\nIt was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input validation. If a user or automatated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148)", "modified": "2012-10-17T00:00:00", "published": "2012-10-17T00:00:00", "id": "USN-1613-2", "href": "https://usn.ubuntu.com/1613-2/", "title": "Python 2.4 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:27", "bulletinFamily": "unix", "description": "It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input validation. If a user or automatated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148)", "modified": "2012-10-17T00:00:00", "published": "2012-10-17T00:00:00", "id": "USN-1613-1", "href": "https://usn.ubuntu.com/1613-1/", "title": "Python 2.5 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:23:17", "bulletinFamily": "unix", "description": "It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input validation. If a user or automatated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This update adds the \u2018-R\u2019 command line option and honors setting the PYTHONHASHSEED environment variable to \u2018random\u2019 to salt str and datetime objects with an unpredictable value. (CVE-2012-1150)", "modified": "2012-10-04T00:00:00", "published": "2012-10-04T00:00:00", "id": "USN-1596-1", "href": "https://usn.ubuntu.com/1596-1/", "title": "Python 2.6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:19", "bulletinFamily": "unix", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA denial of service flaw was found in the implementation of associative\narrays (dictionaries) in Python. An attacker able to supply a large number\nof inputs to a Python application (such as HTTP POST request parameters\nsent to a web application) that are used as keys when inserting data into\nan array could trigger multiple hash function collisions, making array\noperations take an excessive amount of CPU time. To mitigate this issue,\nrandomization has been added to the hash function to reduce the chance of\nan attacker successfully causing intentional collisions. (CVE-2012-1150)\n\nNote: The hash randomization is not enabled by default as it may break\napplications that incorrectly depend on dictionary ordering. To enable the\nprotection, the new \"PYTHONHASHSEED\" environment variable or the Python\ninterpreter's \"-R\" command line option can be used. Refer to the python(1)\nmanual page for details.\n\nThe RHSA-2012:0731 expat erratum must be installed with this update, which\nadds hash randomization to the Expat library used by the Python pyexpat\nmodule.\n\nA flaw was found in the way the Python SimpleXMLRPCServer module handled\nclients disconnecting prematurely. A remote attacker could use this flaw to\ncause excessive CPU consumption on a server using SimpleXMLRPCServer.\n(CVE-2012-0845)\n\nA flaw was found in the way the Python SimpleHTTPServer module generated\ndirectory listings. An attacker able to upload a file with a\nspecially-crafted name to a server could possibly perform a cross-site\nscripting (XSS) attack against victims visiting a listing page generated by\nSimpleHTTPServer, for a directory containing the crafted file (if the\nvictims were using certain web browsers). (CVE-2011-4940)\n\nA race condition was found in the way the Python distutils module set file\npermissions during the creation of the .pypirc file. If a local user had\naccess to the home directory of another user who is running distutils, they\ncould use this flaw to gain access to that user's .pypirc file, which can\ncontain usernames and passwords for code repositories. (CVE-2011-4944)\n\nRed Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT\nacknowledges Julian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2012-1150.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "modified": "2018-06-06T20:24:27", "published": "2012-06-18T04:00:00", "id": "RHSA-2012:0744", "href": "https://access.redhat.com/errata/RHSA-2012:0744", "type": "redhat", "title": "(RHSA-2012:0744) Moderate: python security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:29:02", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0744\n\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA denial of service flaw was found in the implementation of associative\narrays (dictionaries) in Python. An attacker able to supply a large number\nof inputs to a Python application (such as HTTP POST request parameters\nsent to a web application) that are used as keys when inserting data into\nan array could trigger multiple hash function collisions, making array\noperations take an excessive amount of CPU time. To mitigate this issue,\nrandomization has been added to the hash function to reduce the chance of\nan attacker successfully causing intentional collisions. (CVE-2012-1150)\n\nNote: The hash randomization is not enabled by default as it may break\napplications that incorrectly depend on dictionary ordering. To enable the\nprotection, the new \"PYTHONHASHSEED\" environment variable or the Python\ninterpreter's \"-R\" command line option can be used. Refer to the python(1)\nmanual page for details.\n\nThe RHSA-2012:0731 expat erratum must be installed with this update, which\nadds hash randomization to the Expat library used by the Python pyexpat\nmodule.\n\nA flaw was found in the way the Python SimpleXMLRPCServer module handled\nclients disconnecting prematurely. A remote attacker could use this flaw to\ncause excessive CPU consumption on a server using SimpleXMLRPCServer.\n(CVE-2012-0845)\n\nA flaw was found in the way the Python SimpleHTTPServer module generated\ndirectory listings. An attacker able to upload a file with a\nspecially-crafted name to a server could possibly perform a cross-site\nscripting (XSS) attack against victims visiting a listing page generated by\nSimpleHTTPServer, for a directory containing the crafted file (if the\nvictims were using certain web browsers). (CVE-2011-4940)\n\nA race condition was found in the way the Python distutils module set file\npermissions during the creation of the .pypirc file. If a local user had\naccess to the home directory of another user who is running distutils, they\ncould use this flaw to gain access to that user's .pypirc file, which can\ncontain usernames and passwords for code repositories. (CVE-2011-4944)\n\nRed Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT\nacknowledges Julian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2012-1150.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-June/030731.html\n\n**Affected packages:**\npython\npython-devel\npython-libs\npython-test\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0744.html", "modified": "2012-06-18T16:35:36", "published": "2012-06-18T16:35:36", "href": "http://lists.centos.org/pipermail/centos-announce/2012-June/030731.html", "id": "CESA-2012:0744", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "unix", "description": "[2.6.6-29.el6_2.2]\n- if hash randomization is enabled, also enable it within pyexpat\nResolves: CVE-2012-0876\n[2.6.6-29.el6_2.1]\n- distutils.config: create ~/.pypirc securely\nResolves: CVE-2011-4944\n- fix endless loop in SimpleXMLRPCServer upon malformed POST request\nResolves: CVE-2012-0845\n- send encoding in SimpleHTTPServer.list_directory to protect IE7 against\npotential XSS attacks\nResolves: CVE-2011-4940\n- oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment\nvariable, to provide an opt-in way to protect against denial of service\nattacks due to hash collisions within the dict and set types\nResolves: CVE-2012-1150", "modified": "2012-06-18T00:00:00", "published": "2012-06-18T00:00:00", "id": "ELSA-2012-0744", "href": "http://linux.oracle.com/errata/ELSA-2012-0744.html", "title": "python security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "description": "DoS, crissoite scripting, information leakage.", "modified": "2012-07-29T00:00:00", "published": "2012-07-29T00:00:00", "id": "SECURITYVULNS:VULN:12454", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12454", "title": "python multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:096-1\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : python\r\n Date : July 2, 2012\r\n Affected: Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and corrected in python:\r\n \r\n The _ssl module would always disable the CBC IV attack countermeasure\r\n &#40;CVE-2011-3389&#41;.\r\n \r\n A flaw was found in the way the Python SimpleHTTPServer module\r\n generated directory listings. An attacker able to upload a file\r\n with a specially-crafted name to a server could possibly perform a\r\n cross-site scripting &#40;XSS&#41; attack against victims visiting a listing\r\n page generated by SimpleHTTPServer, for a directory containing\r\n the crafted file &#40;if the victims were using certain web browsers&#41;\r\n &#40;CVE-2011-4940&#41;.\r\n \r\n A race condition was found in the way the Python distutils module\r\n set file permissions during the creation of the .pypirc file. If a\r\n local user had access to the home directory of another user who is\r\n running distutils, they could use this flaw to gain access to that\r\n user&#039;s .pypirc file, which can contain usernames and passwords for\r\n code repositories &#40;CVE-2011-4944&#41;.\r\n \r\n A flaw was found in the way the Python SimpleXMLRPCServer module\r\n handled clients disconnecting prematurely. A remote attacker could\r\n use this flaw to cause excessive CPU consumption on a server using\r\n SimpleXMLRPCServer &#40;CVE-2012-0845&#41;.\r\n \r\n Hash table collisions CPU usage DoS for the embedded copy of expat\r\n &#40;CVE-2012-0876&#41;.\r\n \r\n A denial of service flaw was found in the implementation of associative\r\n arrays &#40;dictionaries&#41; in Python. An attacker able to supply a large\r\n number of inputs to a Python application &#40;such as HTTP POST request\r\n parameters sent to a web application&#41; that are used as keys when\r\n inserting data into an array could trigger multiple hash function\r\n collisions, making array operations take an excessive amount of\r\n CPU time. To mitigate this issue, randomization has been added to\r\n the hash function to reduce the chance of an attacker successfully\r\n causing intentional collisions &#40;CVE-2012-1150&#41;.\r\n \r\n The updated packages have been patched to correct these issues.\r\n\r\n Update:\r\n\r\n Packages for Mandriva Enterprise Server 5 is also being provided.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4940\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4944\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0845\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n e18f146e6c8aa316adb5d19a0de2cdef mes5/i586/libpython2.5-2.5.2-5.12mdvmes5.2.i586.rpm\r\n f425a7831028c28f98bac0d95ee532ce mes5/i586/libpython2.5-devel-2.5.2-5.12mdvmes5.2.i586.rpm\r\n 153ff4e78256ec9b0b89f5ecd7ed317c mes5/i586/python-2.5.2-5.12mdvmes5.2.i586.rpm\r\n bbff1780014007b0c95491c74d3dc82b mes5/i586/python-base-2.5.2-5.12mdvmes5.2.i586.rpm\r\n e73ffb5aeff47d2008b0bdb99623579f mes5/i586/python-docs-2.5.2-5.12mdvmes5.2.i586.rpm\r\n af4d7f8f20f7cf7b2beb77dbd06f6992 mes5/i586/tkinter-2.5.2-5.12mdvmes5.2.i586.rpm\r\n 268850f5dd79335c129fa84469d39e20 mes5/i586/tkinter-apps-2.5.2-5.12mdvmes5.2.i586.rpm \r\n 0248488ef4499a61ba9ef31061325f1e mes5/SRPMS/python-2.5.2-5.12mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 6ee32ebb3873a3e01def5984dfa951c7 mes5/x86_64/lib64python2.5-2.5.2-5.12mdvmes5.2.x86_64.rpm\r\n 9e7d5a39d2b224bd9141e6851350e43d mes5/x86_64/lib64python2.5-devel-2.5.2-5.12mdvmes5.2.x86_64.rpm\r\n f798622e3b9f9795c373be0d90008684 mes5/x86_64/python-2.5.2-5.12mdvmes5.2.x86_64.rpm\r\n 916fb7c6e716daaf5269086b9477efcf mes5/x86_64/python-base-2.5.2-5.12mdvmes5.2.x86_64.rpm\r\n 53f14e4e8d6140603acac82004bd12c9 mes5/x86_64/python-docs-2.5.2-5.12mdvmes5.2.x86_64.rpm\r\n ff348190df6007b7d0b043ac153f35dd mes5/x86_64/tkinter-2.5.2-5.12mdvmes5.2.x86_64.rpm\r\n d7f55af87f3e3ea045b556f91c09333b mes5/x86_64/tkinter-apps-2.5.2-5.12mdvmes5.2.x86_64.rpm \r\n 0248488ef4499a61ba9ef31061325f1e mes5/SRPMS/python-2.5.2-5.12mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFP8YuYmqjQ0CJFipgRAl7UAKDy0foAu7Ro4bcYaG/I43WrnoHT7ACfV9t5\r\ny8nHa/VpwqBidhF5DJElWmo=\r\n=AnEb\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-07-09T00:00:00", "published": "2012-07-09T00:00:00", "id": "SECURITYVULNS:DOC:28232", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28232", "title": "[ MDVSA-2012:096-1 ] python", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:44", "bulletinFamily": "unix", "description": "### Background\n\nPython is an interpreted, interactive, object-oriented programming language. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition or perform a man-in-the-middle attack to disclose sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Python 3.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-3.3.2-r1\"\n \n\nAll Python 3.2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-3.2.5-r1\"\n \n\nAll Python 2.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-2.6.8\"\n \n\nAll Python 2.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-2.7.3-r1\"", "modified": "2015-06-17T00:00:00", "published": "2014-01-06T00:00:00", "id": "GLSA-201401-04", "href": "https://security.gentoo.org/glsa/201401-04", "type": "gentoo", "title": "Python: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:59", "bulletinFamily": "unix", "description": "Package : python2.6\nVersion : 2.6.6-8+deb6u1\nCVE ID : CVE-2011-1015 CVE-2011-1521 CVE-2011-4940 CVE-2011-4944 \n CVE-2012-0845 CVE-2012-1150 CVE-2013-4238 CVE-2014-1912\n\nMultiple vulnerabilities were discovered in python2.6. The more\nrelevant are:\n\nCVE-2013-4238\n\n Incorrect handling of NUL bytes in certificate hostnames may allow\n server spoofing via specially-crafted certificates signed by\n a trusted Certification Authority.\n\nCVE-2014-1912\n\n Buffer overflow in socket.recvfrom_into leading to application\n crash and possibly code execution.\n", "modified": "2014-07-31T21:08:00", "published": "2014-07-31T21:08:00", "id": "DEBIAN:DLA-25-1:0FCA7", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201407/msg00014.html", "title": "[DLA 25-1] python2.6 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2020-01-22T00:26:21", "bulletinFamily": "unix", "description": "This update for python3 to version 3.6.10 fixes the following issues:\n\n - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk()\n (bsc#1083507).\n - CVE-2019-16056: Fixed an issue where email parsing could fail for\n multiple @ (bsc#1149955).\n - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat\n (bsc#1149429).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "modified": "2020-01-21T21:14:40", "published": "2020-01-21T21:14:40", "id": "OPENSUSE-SU-2020:0086-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", "title": "Security update for python3 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}