ID ALA_ALAS-2015-621.NASL Type nessus Reporter Tenable Modified 2018-04-18T00:00:00
Description
An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.
It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.
It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2015-621.
#
include("compat.inc");
if (description)
{
script_id(87347);
script_version("2.2");
script_cvs_date("Date: 2018/04/18 15:09:35");
script_cve_id("CVE-2013-1752", "CVE-2014-4650", "CVE-2014-7185");
script_xref(name:"ALAS", value:"2015-621");
script_name(english:"Amazon Linux AMI : python26 (ALAS-2015-621)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"An integer overflow flaw was found in the way the buffer() function
handled its offset and size arguments. An attacker able to control
those arguments could use this flaw to disclose portions of the
application memory or cause it to crash.
It was discovered that multiple Python standard library modules
implementing network protocols (such as httplib or smtplib) failed to
restrict sizes of server responses. A malicious server could cause a
client using one of the affected modules to consume an excessive
amount of memory.
It was discovered that the CGIHTTPServer module incorrectly handled
URL encoded paths. A remote attacker could use this flaw to execute
scripts outside of the cgi-bin directory, or disclose source of
scripts in the cgi-bin directory."
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2015-621.html"
);
script_set_attribute(
attribute:"solution",
value:"Run 'yum update python26' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2015/12/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/15");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"python26-2.6.9-2.83.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python26-debuginfo-2.6.9-2.83.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python26-devel-2.6.9-2.83.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python26-libs-2.6.9-2.83.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python26-test-2.6.9-2.83.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python26-tools-2.6.9-2.83.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python26 / python26-debuginfo / python26-devel / python26-libs / etc");
}
{"id": "ALA_ALAS-2015-621.NASL", "bulletinFamily": "scanner", "title": "Amazon Linux AMI : python26 (ALAS-2015-621)", "description": "An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.", "published": "2015-12-15T00:00:00", "modified": "2018-04-18T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87347", "reporter": "Tenable", "references": ["https://alas.aws.amazon.com/ALAS-2015-621.html"], "cvelist": ["CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "type": "nessus", "lastseen": "2019-02-21T01:25:38", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:python26-debuginfo", "p-cpe:/a:amazon:linux:python26", "p-cpe:/a:amazon:linux:python26-libs", "p-cpe:/a:amazon:linux:python26-test", "p-cpe:/a:amazon:linux:python26-tools", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:python26-devel"], "cvelist": ["CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "description": "An integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthose arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive\namount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose source of\nscripts in the cgi-bin directory.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:22:55", "references": [{"idList": ["EDB-ID:33894"], "type": "exploitdb"}, {"idList": ["CVE-2014-7185"], "type": "cve"}, {"idList": ["SECURITYVULNS:VULN:13867", "SECURITYVULNS:DOC:31316", "SECURITYVULNS:DOC:31253", "SECURITYVULNS:VULN:14061"], "type": "securityvulns"}, {"idList": ["CESA-2015:2101", "CESA-2015:1330"], "type": "centos"}, {"idList": ["GLSA-201503-10"], "type": "gentoo"}, {"idList": ["ALAS-2015-621", "ALAS-2014-440", "ALAS-2013-241", "ALAS-2015-552"], "type": "amazon"}, {"idList": ["ELSA-2015-1330", "ELSA-2015-1064", "ELSA-2015-2101"], "type": "oraclelinux"}, {"idList": ["ASA-201412-15", "ASA-201409-3"], "type": "archlinux"}, {"idList": ["SSV:61235"], "type": "seebug"}, {"idList": ["CENTOS_RHSA-2015-2101.NASL", "SUSE_SU-2015-1344-1.NASL", "UBUNTU_USN-2653-1.NASL", "ORACLELINUX_ELSA-2015-2101.NASL", "CENTOS_RHSA-2015-1330.NASL", "REDHAT-RHSA-2015-2101.NASL", "ORACLELINUX_ELSA-2015-1330.NASL", "ORACLEVM_OVMSA-2015-0098.NASL", "SL_20150722_PYTHON_ON_SL6_X.NASL", "REDHAT-RHSA-2015-1330.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310871501", "OPENVAS:1361412562310120425", "OPENVAS:1361412562310869288", "OPENVAS:1361412562310871404", "OPENVAS:1361412562310122760", "OPENVAS:1361412562310123066", "OPENVAS:1361412562310842261", "OPENVAS:1361412562310122870", "OPENVAS:1361412562310120611", "OPENVAS:1361412562310120035"], "type": "openvas"}, {"idList": ["PACKETSTORM:127241"], "type": "packetstorm"}, {"idList": ["F5:K78825687", "F5:K53192206", "F5:K93278412"], "type": "f5"}, {"idList": ["RHSA-2015:1064", "RHSA-2015:2101", "RHSA-2015:1330"], "type": "redhat"}, {"idList": ["USN-2653-1"], "type": "ubuntu"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "bc1807fd799638a03c3e3b9da07a1a9ecafcc08f5b02fa16f70acabbbbc74325", "hashmap": [{"hash": "9ef50be71a3f7bd9fb57194e244d87d9", "key": "published"}, {"hash": "48d9c6fd82a3d088507c91e8a7343dbf", "key": "pluginID"}, {"hash": "5ba3c9d875bfe1d4088cbfd233ef0c85", "key": "modified"}, {"hash": "c8cd7680285e05057e670c593a0cc704", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "976375bae863ac4684fb0621aaf789f7", "key": "href"}, {"hash": "2eda1ae37c4c27da7fc7c1d9dd537248", "key": "cvelist"}, {"hash": "8c3f3d613fd157748892d632ebd18d32", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "f3e0471951aa3daaad428b831c6d6755", "key": "cpe"}, {"hash": "ea1bdd9185a2c3160cbbe9c0292c3d62", "key": "cvss"}, {"hash": "a3ff3869c071b299aca70bb88696ec1b", "key": "title"}, {"hash": "53c9e9c95372b1f291305c3332c1e19e", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=87347", "id": "ALA_ALAS-2015-621.NASL", "lastseen": "2019-01-16T20:22:55", "modified": "2018-04-18T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "87347", "published": "2015-12-15T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2015-621.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-621.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87347);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"ALAS\", value:\"2015-621\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2015-621)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthose arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive\namount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose source of\nscripts in the cgi-bin directory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-621.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.9-2.83.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "title": "Amazon Linux AMI : python26 (ALAS-2015-621)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:22:55"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:python26-debuginfo", "p-cpe:/a:amazon:linux:python26", "p-cpe:/a:amazon:linux:python26-libs", "p-cpe:/a:amazon:linux:python26-test", "p-cpe:/a:amazon:linux:python26-tools", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:python26-devel"], "cvelist": ["CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "description": "An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "917ae83c862de73acb0a8f71f5a7eb12a7ec0084577415a39631ab330c5d5601", "hashmap": [{"hash": "9ef50be71a3f7bd9fb57194e244d87d9", "key": "published"}, {"hash": "48d9c6fd82a3d088507c91e8a7343dbf", "key": "pluginID"}, {"hash": "5ba3c9d875bfe1d4088cbfd233ef0c85", "key": "modified"}, {"hash": "c8cd7680285e05057e670c593a0cc704", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d1a761694f52efdf2213872be0d99fd", "key": "description"}, {"hash": "976375bae863ac4684fb0621aaf789f7", "key": "href"}, {"hash": "2eda1ae37c4c27da7fc7c1d9dd537248", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "f3e0471951aa3daaad428b831c6d6755", "key": "cpe"}, {"hash": "ea1bdd9185a2c3160cbbe9c0292c3d62", "key": "cvss"}, {"hash": "a3ff3869c071b299aca70bb88696ec1b", "key": "title"}, {"hash": "53c9e9c95372b1f291305c3332c1e19e", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=87347", "id": "ALA_ALAS-2015-621.NASL", "lastseen": "2018-04-19T07:33:12", "modified": "2018-04-18T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "87347", "published": "2015-12-15T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2015-621.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-621.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87347);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"ALAS\", value:\"2015-621\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2015-621)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthose arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive\namount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose source of\nscripts in the cgi-bin directory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-621.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.9-2.83.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "title": "Amazon Linux AMI : python26 (ALAS-2015-621)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-04-19T07:33:12"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "description": "An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.", "edition": 1, "enchantments": {}, "hash": "2f3120ee8d47ae639b80922b275b4daad4952c353259cb900453382ce099201e", "hashmap": [{"hash": "9ef50be71a3f7bd9fb57194e244d87d9", "key": "published"}, {"hash": "48d9c6fd82a3d088507c91e8a7343dbf", "key": "pluginID"}, {"hash": "9ef50be71a3f7bd9fb57194e244d87d9", "key": "modified"}, {"hash": "c8cd7680285e05057e670c593a0cc704", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d1a761694f52efdf2213872be0d99fd", "key": "description"}, {"hash": "976375bae863ac4684fb0621aaf789f7", "key": "href"}, {"hash": "2eda1ae37c4c27da7fc7c1d9dd537248", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f77a13bfdc2ba2e497bd1d272913ae2c", "key": "sourceData"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "ea1bdd9185a2c3160cbbe9c0292c3d62", "key": "cvss"}, {"hash": "a3ff3869c071b299aca70bb88696ec1b", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=87347", "id": "ALA_ALAS-2015-621.NASL", "lastseen": "2016-09-26T17:23:49", "modified": "2015-12-15T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "87347", "published": "2015-12-15T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2015-621.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-621.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87347);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/12/15 14:50:16 $\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"ALAS\", value:\"2015-621\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2015-621)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthose arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive\namount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose source of\nscripts in the cgi-bin directory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-621.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/AmazonLinux/release\")) audit(AUDIT_OS_NOT, \"Amazon Linux AMI\");\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.9-2.83.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "title": "Amazon Linux AMI : python26 (ALAS-2015-621)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:49"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:python26-debuginfo", "p-cpe:/a:amazon:linux:python26", "p-cpe:/a:amazon:linux:python26-libs", "p-cpe:/a:amazon:linux:python26-test", "p-cpe:/a:amazon:linux:python26-tools", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:python26-devel"], "cvelist": ["CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "description": "An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "917ae83c862de73acb0a8f71f5a7eb12a7ec0084577415a39631ab330c5d5601", "hashmap": [{"hash": "9ef50be71a3f7bd9fb57194e244d87d9", "key": "published"}, {"hash": "48d9c6fd82a3d088507c91e8a7343dbf", "key": "pluginID"}, {"hash": "5ba3c9d875bfe1d4088cbfd233ef0c85", "key": "modified"}, {"hash": "c8cd7680285e05057e670c593a0cc704", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d1a761694f52efdf2213872be0d99fd", "key": "description"}, {"hash": "976375bae863ac4684fb0621aaf789f7", "key": "href"}, {"hash": "2eda1ae37c4c27da7fc7c1d9dd537248", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "f3e0471951aa3daaad428b831c6d6755", "key": "cpe"}, {"hash": "ea1bdd9185a2c3160cbbe9c0292c3d62", "key": "cvss"}, {"hash": "a3ff3869c071b299aca70bb88696ec1b", "key": "title"}, {"hash": "53c9e9c95372b1f291305c3332c1e19e", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=87347", "id": "ALA_ALAS-2015-621.NASL", "lastseen": "2018-09-01T23:38:34", "modified": "2018-04-18T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "87347", "published": "2015-12-15T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2015-621.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-621.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87347);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"ALAS\", value:\"2015-621\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2015-621)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthose arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive\namount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose source of\nscripts in the cgi-bin directory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-621.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.9-2.83.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "title": "Amazon Linux AMI : python26 (ALAS-2015-621)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:38:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:python26-debuginfo", "p-cpe:/a:amazon:linux:python26", "p-cpe:/a:amazon:linux:python26-libs", "p-cpe:/a:amazon:linux:python26-test", "p-cpe:/a:amazon:linux:python26-tools", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:python26-devel"], "cvelist": ["CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "description": "An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.", "edition": 2, "enchantments": {"score": {"modified": "2017-10-29T13:35:32", "value": 5.4, "vector": "AV:N/AC:M/Au:M/C:P/I:P/A:P/"}}, "hash": "3895635a11f269b220eccb855d5cf1e3f2274cdc6089d8fdc0185a0b4fdb5e59", "hashmap": [{"hash": "9ef50be71a3f7bd9fb57194e244d87d9", "key": "published"}, {"hash": "48d9c6fd82a3d088507c91e8a7343dbf", "key": "pluginID"}, {"hash": "9ef50be71a3f7bd9fb57194e244d87d9", "key": "modified"}, {"hash": "c8cd7680285e05057e670c593a0cc704", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d1a761694f52efdf2213872be0d99fd", "key": "description"}, {"hash": "976375bae863ac4684fb0621aaf789f7", "key": "href"}, {"hash": "2eda1ae37c4c27da7fc7c1d9dd537248", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f77a13bfdc2ba2e497bd1d272913ae2c", "key": "sourceData"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "f3e0471951aa3daaad428b831c6d6755", "key": "cpe"}, {"hash": "ea1bdd9185a2c3160cbbe9c0292c3d62", "key": "cvss"}, {"hash": "a3ff3869c071b299aca70bb88696ec1b", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=87347", "id": "ALA_ALAS-2015-621.NASL", "lastseen": "2017-10-29T13:35:32", "modified": "2015-12-15T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "87347", "published": "2015-12-15T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2015-621.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-621.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87347);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/12/15 14:50:16 $\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"ALAS\", value:\"2015-621\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2015-621)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthose arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive\namount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose source of\nscripts in the cgi-bin directory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-621.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/AmazonLinux/release\")) audit(AUDIT_OS_NOT, \"Amazon Linux AMI\");\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.9-2.83.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "title": "Amazon Linux AMI : python26 (ALAS-2015-621)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:35:32"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:amazon:linux:python26-debuginfo", "p-cpe:/a:amazon:linux:python26", "p-cpe:/a:amazon:linux:python26-libs", "p-cpe:/a:amazon:linux:python26-test", "p-cpe:/a:amazon:linux:python26-tools", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:python26-devel"], "cvelist": ["CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "308a36dac6d43302581960ba962791f55f4cdf2dab64eb37fbcbfe193a3cb69f", "hashmap": [{"hash": "9ef50be71a3f7bd9fb57194e244d87d9", "key": "published"}, {"hash": "48d9c6fd82a3d088507c91e8a7343dbf", "key": "pluginID"}, {"hash": "5ba3c9d875bfe1d4088cbfd233ef0c85", "key": "modified"}, {"hash": "c8cd7680285e05057e670c593a0cc704", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d1a761694f52efdf2213872be0d99fd", "key": "description"}, {"hash": "976375bae863ac4684fb0621aaf789f7", "key": "href"}, {"hash": "2eda1ae37c4c27da7fc7c1d9dd537248", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "df5cd238ab6ba820ee0b13c493f1bcd6", "key": "naslFamily"}, {"hash": "f3e0471951aa3daaad428b831c6d6755", "key": "cpe"}, {"hash": "a3ff3869c071b299aca70bb88696ec1b", "key": "title"}, {"hash": "53c9e9c95372b1f291305c3332c1e19e", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=87347", "id": "ALA_ALAS-2015-621.NASL", "lastseen": "2018-08-30T19:34:40", "modified": "2018-04-18T00:00:00", "naslFamily": "Amazon Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "87347", "published": "2015-12-15T00:00:00", "references": ["https://alas.aws.amazon.com/ALAS-2015-621.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-621.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87347);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"ALAS\", value:\"2015-621\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2015-621)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthose arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive\namount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose source of\nscripts in the cgi-bin directory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-621.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.9-2.83.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "title": "Amazon Linux AMI : python26 (ALAS-2015-621)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:34:40"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "f3e0471951aa3daaad428b831c6d6755"}, {"key": "cvelist", "hash": "2eda1ae37c4c27da7fc7c1d9dd537248"}, {"key": "cvss", "hash": "ea1bdd9185a2c3160cbbe9c0292c3d62"}, {"key": "description", "hash": "2d1a761694f52efdf2213872be0d99fd"}, {"key": "href", "hash": "976375bae863ac4684fb0621aaf789f7"}, {"key": "modified", "hash": "5ba3c9d875bfe1d4088cbfd233ef0c85"}, {"key": "naslFamily", "hash": "df5cd238ab6ba820ee0b13c493f1bcd6"}, {"key": "pluginID", "hash": "48d9c6fd82a3d088507c91e8a7343dbf"}, {"key": "published", "hash": "9ef50be71a3f7bd9fb57194e244d87d9"}, {"key": "references", "hash": "c8cd7680285e05057e670c593a0cc704"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "53c9e9c95372b1f291305c3332c1e19e"}, {"key": "title", "hash": "a3ff3869c071b299aca70bb88696ec1b"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "917ae83c862de73acb0a8f71f5a7eb12a7ec0084577415a39631ab330c5d5601", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-7185", "CVE-2013-1752"]}, {"type": "f5", "idList": ["F5:K78825687", "F5:K53192206", "F5:K93278412"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120611", "OPENVAS:1361412562310842261", "OPENVAS:1361412562310871404", "OPENVAS:1361412562310122760", "OPENVAS:1361412562310123066", "OPENVAS:1361412562310120425", "OPENVAS:1361412562310869288", "OPENVAS:1361412562310122870", "OPENVAS:1361412562310871501", "OPENVAS:1361412562310804939"]}, {"type": "amazon", "idList": ["ALAS-2015-621", "ALAS-2014-440", "ALAS-2013-241", "ALAS-2015-552"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2015-1330.NASL", "ORACLELINUX_ELSA-2015-1330.NASL", "REDHAT-RHSA-2015-2101.NASL", "SUSE_SU-2015-1344-1.NASL", "CENTOS_RHSA-2015-2101.NASL", "SL_20150722_PYTHON_ON_SL6_X.NASL", "ORACLELINUX_ELSA-2015-2101.NASL", "REDHAT-RHSA-2015-1330.NASL", "UBUNTU_USN-2653-1.NASL", "ALA_ALAS-2014-440.NASL"]}, {"type": "ubuntu", "idList": ["USN-2653-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-2101", "ELSA-2015-1330", "ELSA-2015-1064"]}, {"type": "centos", "idList": ["CESA-2015:1330", "CESA-2015:2101"]}, {"type": "redhat", "idList": ["RHSA-2015:1330", "RHSA-2015:2101", "RHSA-2015:1064"]}, {"type": "exploitdb", "idList": ["EDB-ID:33894"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14061", "SECURITYVULNS:DOC:31316", "SECURITYVULNS:DOC:31253", "SECURITYVULNS:VULN:13867"]}, {"type": "archlinux", "idList": ["ASA-201409-3", "ASA-201412-15"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127241"]}, {"type": "seebug", "idList": ["SSV:61235"]}, {"type": "gentoo", "idList": ["GLSA-201503-10"]}, {"type": "slackware", "idList": ["SSA-2019-062-01"]}], "modified": "2019-02-21T01:25:38"}, "score": {"value": 6.4, "vector": "NONE", "modified": "2019-02-21T01:25:38"}, "vulnersScore": 6.4}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-621.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87347);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"ALAS\", value:\"2015-621\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2015-621)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthose arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive\namount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose source of\nscripts in the cgi-bin directory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-621.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.9-2.83.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "naslFamily": "Amazon Linux Local Security Checks", "pluginID": "87347", "cpe": ["p-cpe:/a:amazon:linux:python26-debuginfo", "p-cpe:/a:amazon:linux:python26", "p-cpe:/a:amazon:linux:python26-libs", "p-cpe:/a:amazon:linux:python26-test", "p-cpe:/a:amazon:linux:python26-tools", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:python26-devel"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:13:48", "bulletinFamily": "NVD", "description": "Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a \"buffer\" function.", "modified": "2018-01-05T02:29:00", "id": "CVE-2014-7185", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7185", "published": "2014-10-08T17:55:00", "title": "CVE-2014-7185", "type": "cve", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-07-09T18:06:57", "bulletinFamily": "NVD", "description": "** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 \"Independently Fixable\" in the CVE Counting Decisions.", "modified": "2019-06-03T20:15:00", "id": "CVE-2013-1752", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1752", "published": "2019-06-03T20:15:00", "title": "CVE-2013-1752", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2019-05-29T18:35:56", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-12-15T00:00:00", "id": "OPENVAS:1361412562310120611", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120611", "title": "Amazon Linux Local Check: alas-2015-621", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-621.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120611\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 02:51:23 +0200 (Tue, 15 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2015-621\");\n script_tag(name:\"insight\", value:\"An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.\");\n script_tag(name:\"solution\", value:\"Run yum update python26 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-621.html\");\n script_cve_id(\"CVE-2014-7185\", \"CVE-2013-1752\", \"CVE-2014-4650\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"python26-test\", rpm:\"python26-test~2.6.9~2.83.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python26-tools\", rpm:\"python26-tools~2.6.9~2.83.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python26-debuginfo\", rpm:\"python26-debuginfo~2.6.9~2.83.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python26-libs\", rpm:\"python26-libs~2.6.9~2.83.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python26-devel\", rpm:\"python26-devel~2.6.9~2.83.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python26\", rpm:\"python26~2.6.9~2.83.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:43", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-06-26T00:00:00", "id": "OPENVAS:1361412562310842261", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842261", "title": "Ubuntu Update for python2.7 USN-2653-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for python2.7 USN-2653-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842261\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-26 06:25:01 +0200 (Fri, 26 Jun 2015)\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\",\n \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for python2.7 USN-2653-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python2.7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that multiple Python\nprotocol libraries incorrectly limited certain data when connecting to servers.\nA malicious ftp, http, imap, nntp, pop or smtp server could use this issue to\ncause a denial of service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit unpacking\ngzip-compressed HTTP bodies. A malicious server could use this issue to\ncause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a certain\nargument. An attacker could possibly use this issue to read arbitrary\nmemory and expose sensitive information. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled\nURL-encoded path separators in URLs. A remote attacker could use this issue\nto expose sensitive information, or possibly execute arbitrary code. This\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in\nbuffer functions. An attacker could possibly use this issue to read\narbitrary memory and obtain sensitive information. This issue only affected\nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185)\");\n script_tag(name:\"affected\", value:\"python2.7 on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2653-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2653-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.7\", ver:\"2.7.8-10ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.7-minimal\", ver:\"2.7.8-10ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4\", ver:\"3.4.2-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4-minimal\", ver:\"3.4.2-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.7\", ver:\"2.7.6-8ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.7-minimal\", ver:\"2.7.6-8ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4\", ver:\"3.4.0-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4-minimal\", ver:\"3.4.0-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.7\", ver:\"2.7.3-0ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.7-minimal\", ver:\"2.7.3-0ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.2\", ver:\"3.2.3-0ubuntu3.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.2-minimal\", ver:\"3.2.3-0ubuntu3.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-07-23T00:00:00", "id": "OPENVAS:1361412562310871404", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871404", "title": "RedHat Update for python RHSA-2015:1330-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2015:1330-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871404\");\n script_version(\"$Revision: 12380 $\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 06:25:42 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for python RHSA-2015:1330-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to check\nthe size of the supplied buffer. This could lead to a buffer overflow when\nthe function was called with an insufficiently sized buffer.\n(CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes, users\nare directed to the referenced article on the Red Hat Customer Portal.\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\");\n script_tag(name:\"affected\", value:\"python on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1330-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00023.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/1495363\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.6.6~64.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.6.6~64.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.6.6~64.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.6.6~64.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.6.6~64.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:44", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-2101", "modified": "2018-09-28T00:00:00", "published": "2015-11-24T00:00:00", "id": "OPENVAS:1361412562310122760", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122760", "title": "Oracle Linux Local Check: ELSA-2015-2101", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2101.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122760\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 10:17:32 +0200 (Tue, 24 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2101\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2101 - python security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2101\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2101.html\");\n script_cve_id(\"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2013-1752\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-debug\", rpm:\"python-debug~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-test\", rpm:\"python-test~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:57", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-1330", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123066", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123066", "title": "Oracle Linux Local Check: ELSA-2015-1330", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1330.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123066\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:58:55 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1330\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1330 - python security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1330\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1330.html\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.6.6~64.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.6.6~64.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.6.6~64.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-test\", rpm:\"python-test~2.6.6~64.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.6.6~64.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.6.6~64.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:23", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120425", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120425", "title": "Amazon Linux Local Check: ALAS-2014-440", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2014-440.nasl 6750 2017-07-18 09:56:47Z teissa$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120425\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:04 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2014-440\");\n script_tag(name:\"insight\", value:\"It was discovered that Python built-in module CGIHTTPServer does not properly handle URL-encoded path separators in URLs which may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root. (CVE-2014-4650 )Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a buffer function. (CVE-2014-7185 )\");\n script_tag(name:\"solution\", value:\"Run yum update python27 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-440.html\");\n script_cve_id(\"CVE-2014-7185\", \"CVE-2014-4650\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"python27-tools\", rpm:\"python27-tools~2.7.8~6.74.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27-debuginfo\", rpm:\"python27-debuginfo~2.7.8~6.74.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27-devel\", rpm:\"python27-devel~2.7.8~6.74.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27-test\", rpm:\"python27-test~2.7.8~6.74.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27-libs\", rpm:\"python27-libs~2.7.8~6.74.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27\", rpm:\"python27~2.7.8~6.74.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-03-18T14:34:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869288", "id": "OPENVAS:1361412562310869288", "title": "Fedora Update for python FEDORA-2015-6010", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2015-6010\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869288\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-23 07:33:01 +0200 (Thu, 23 Apr 2015)\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-4650\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python FEDORA-2015-6010\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"python on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6010\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155769.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~16.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-05-29T18:35:47", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-1064", "modified": "2019-03-14T00:00:00", "published": "2016-02-05T00:00:00", "id": "OPENVAS:1361412562310122870", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122870", "title": "Oracle Linux Local Check: ELSA-2015-1064", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1064.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122870\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 14:01:39 +0200 (Fri, 05 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1064\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1064\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1064.html\");\n script_cve_id(\"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"python27\", rpm:\"python27~1.1~20.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python\", rpm:\"python27-python~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-debug\", rpm:\"python27-python-debug~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-devel\", rpm:\"python27-python-devel~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-libs\", rpm:\"python27-python-libs~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-pip\", rpm:\"python27-python-pip~1.5.6~5.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-setuptools\", rpm:\"python27-python-setuptools~0.9.8~5.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-simplejson\", rpm:\"python27-python-simplejson~3.2.0~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-test\", rpm:\"python27-python-test~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-tools\", rpm:\"python27-python-tools~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-wheel\", rpm:\"python27-python-wheel~0.24.0~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-runtime\", rpm:\"python27-runtime~1.1~20.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-scldevel\", rpm:\"python27-scldevel~1.1~20.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-tkinter\", rpm:\"python27-tkinter~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"python27\", rpm:\"python27~1.1~17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python\", rpm:\"python27-python~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-debug\", rpm:\"python27-python-debug~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-devel\", rpm:\"python27-python-devel~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-libs\", rpm:\"python27-python-libs~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-pip\", rpm:\"python27-python-pip~1.5.6~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-setuptools\", rpm:\"python27-python-setuptools~0.9.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-simplejson\", rpm:\"python27-python-simplejson~3.2.0~2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-test\", rpm:\"python27-python-test~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-tools\", rpm:\"python27-python-tools~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-wheel\", rpm:\"python27-python-wheel~0.24.0~2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-runtime\", rpm:\"python27-runtime~1.1~17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-scldevel\", rpm:\"python27-scldevel~1.1~17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-tkinter\", rpm:\"python27-tkinter~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-11-20T00:00:00", "id": "OPENVAS:1361412562310871501", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871501", "title": "RedHat Update for python RHSA-2015:2101-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2015:2101-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871501\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-20 06:24:47 +0100 (Fri, 20 Nov 2015)\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\",\n \"CVE-2014-7185\", \"CVE-2014-9365\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for python RHSA-2015:2101-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive,\nobject-oriented programming language often compared to Tcl, Perl, Scheme, or\nJava. Python includes modules, classes, exceptions, very high level dynamic\ndata types and dynamic typing. Python supports interfaces to many system calls\nand libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and\nMFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib)\ndid not perform verification of TLS/SSL certificates when connecting to\nHTTPS servers. A man-in-the-middle attacker could use this flaw to hijack\nconnections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable\ncertificate verification by default. However, for backwards compatibility,\nverification remains disabled by default. Future updates may change this\ndefault. Refer to the Knowledgebase article 2039753 linked to in the\nReferences section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs:\n\n * Subprocesses used with the Eventlet library or regular threads previously\ntried to close epoll file descriptors twice, which led to an 'Invalid\nargument' error. Subprocesses h ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"python on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2101-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-November/msg00019.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:18", "bulletinFamily": "scanner", "description": "The host is installed with Python\n and is prone to integer overflow vulnerability.", "modified": "2018-11-15T00:00:00", "published": "2014-10-17T00:00:00", "id": "OPENVAS:1361412562310804939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804939", "title": "Python Integer Overflow Vulnerability - 01 Oct14 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_python_integer_overflow_vuln_oct14_win.nasl 12358 2018-11-15 07:57:20Z cfischer $\n#\n# Python Integer Overflow Vulnerability - 01 Oct14 (Windows)\n#\n# Authors:\n# Deepmala <kdeepmala@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:python:python\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804939\");\n script_version(\"$Revision: 12358 $\");\n script_cve_id(\"CVE-2014-7185\");\n script_bugtraq_id(70089);\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-15 08:57:20 +0100 (Thu, 15 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-17 12:50:02 +0530 (Fri, 17 Oct 2014)\");\n script_name(\"Python Integer Overflow Vulnerability - 01 Oct14 (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_python_detect_win.nasl\");\n script_mandatory_keys(\"python6432/win/detected\");\n\n script_xref(name:\"URL\", value:\"https://www.python.org\");\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue2183\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/96193\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Python\n and is prone to integer overflow vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Flaw exists as the user-supplied input is\n not properly validated when handling large buffer sizes and/or offsets.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to gain access to potentially sensitive information or cause a denial\n of service.\");\n\n script_tag(name:\"affected\", value:\"Python 2.7.x before version 2.7.8 on\n Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 2.7.8 or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\npyVer = infos['version'];\npypath = infos['location'];\n\nif(version_in_range(version:pyVer, test_version:\"2.7\", test_version2:\"2.7.7150\")){\n report = report_fixed_ver(installed_version:pyVer, fixed_version:\"2.7.8\", install_path:pypath);\n security_message(data:report);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "f5": [{"lastseen": "2017-07-27T20:24:30", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned IDs 537982 and 673541 (BIG-IP) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H78825687 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP AAM| 12.0.0 \n11.4.1 - 11.6.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP AFM| 12.0.0 \n11.4.1 - 11.6.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP Analytics| 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP APM| 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP ASM| 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP DNS| 12.0.0| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP Edge Gateway| 11.2.1| None| Medium| Python and Jython \nBIG-IP GTM| 11.4.1 - 11.6.1 \n11.2.1| None| Medium| Python and Jython \nBIG-IP Link Controller| 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP PEM| 12.0.0 \n11.4.1 - 11.6.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP PSM| 11.4.1| None| Medium| Python and Jython \nBIG-IP WebAccelerator| 11.2.1| None| Medium| Python and Jython \nBIG-IP WebSafe| 12.0.0 \n11.6.0 - 11.6.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.2.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, ensure Python and Jython scripts communicate only with trusted servers.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-07-27T20:12:00", "published": "2017-07-21T22:36:00", "href": "https://support.f5.com/csp/article/K78825687", "id": "F5:K78825687", "title": "Python and Jython vulnerability CVE-2014-7185", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-10-19T10:29:54", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned IDs 537982 and 673537 (BIG-IP) and ID 672772 (Enterprise Manager) to this vulnerability. Additionally, [F5 iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H53192206 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP AAM | 12.0.0 \n11.4.1 - 11.6.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP AFM | 12.0.0 \n11.4.1 - 11.6.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP Analytics | 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP APM | 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP ASM | 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP DNS | 12.0.0 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP Edge Gateway | 11.2.1 | None | Medium | Python and Jython \nBIG-IP GTM | 11.4.1 - 11.6.1 \n11.2.1 | None | Medium | Python and Jython \nBIG-IP Link Controller | 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP PEM | 12.0.0 \n11.4.1 - 11.6.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP PSM | 11.4.1 | None | Medium | Python and Jython \nBIG-IP WebAccelerator | 11.2.1 | None | Medium | Python and Jython \nBIG-IP WebSafe | 12.0.0 \n11.6.0 - 11.6.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Low | Python and Jython \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.2.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.2.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable1 | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None \n \n1The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, ensure Python and Jython scripts communicate only with trusted servers.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2019-07-19T20:14:00", "published": "2017-07-21T22:13:00", "id": "F5:K53192206", "href": "https://support.f5.com/csp/article/K53192206", "title": "Python and Jython vulnerability CVE-2013-1752", "type": "f5", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-07-22T00:24:48", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.2.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-07-21T22:49:00", "published": "2017-07-21T22:49:00", "href": "https://support.f5.com/csp/article/K93278412", "id": "F5:K93278412", "title": "Python and Jython vulnerabilities CVE-2014-1912 and CVE-2014-4650", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2019-05-29T17:22:34", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.\n\n \n**Affected Packages:** \n\n\npython26\n\n \n**Issue Correction:** \nRun _yum update python26_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n python26-test-2.6.9-2.83.amzn1.i686 \n python26-tools-2.6.9-2.83.amzn1.i686 \n python26-debuginfo-2.6.9-2.83.amzn1.i686 \n python26-libs-2.6.9-2.83.amzn1.i686 \n python26-devel-2.6.9-2.83.amzn1.i686 \n python26-2.6.9-2.83.amzn1.i686 \n \n src: \n python26-2.6.9-2.83.amzn1.src \n \n x86_64: \n python26-devel-2.6.9-2.83.amzn1.x86_64 \n python26-libs-2.6.9-2.83.amzn1.x86_64 \n python26-tools-2.6.9-2.83.amzn1.x86_64 \n python26-2.6.9-2.83.amzn1.x86_64 \n python26-test-2.6.9-2.83.amzn1.x86_64 \n python26-debuginfo-2.6.9-2.83.amzn1.x86_64 \n \n \n", "modified": "2015-12-13T14:22:00", "published": "2015-12-13T14:22:00", "id": "ALAS-2015-621", "href": "https://alas.aws.amazon.com/ALAS-2015-621.html", "title": "Medium: python26", "type": "amazon", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T17:22:29", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nIt was [discovered](<http://bugs.python.org/issue21766>) that Python built-in module CGIHTTPServer does not properly handle URL-encoded path separators in URLs which may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root. ([CVE-2014-4650 __](<https://access.redhat.com/security/cve/CVE-2014-4650>))\n\nInteger overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a \"buffer\" function. ([CVE-2014-7185 __](<https://access.redhat.com/security/cve/CVE-2014-7185>))\n\n \n**Affected Packages:** \n\n\npython27\n\n \n**Issue Correction:** \nRun _yum update python27_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n python27-tools-2.7.8-6.74.amzn1.i686 \n python27-debuginfo-2.7.8-6.74.amzn1.i686 \n python27-devel-2.7.8-6.74.amzn1.i686 \n python27-test-2.7.8-6.74.amzn1.i686 \n python27-libs-2.7.8-6.74.amzn1.i686 \n python27-2.7.8-6.74.amzn1.i686 \n \n src: \n python27-2.7.8-6.74.amzn1.src \n \n x86_64: \n python27-debuginfo-2.7.8-6.74.amzn1.x86_64 \n python27-devel-2.7.8-6.74.amzn1.x86_64 \n python27-test-2.7.8-6.74.amzn1.x86_64 \n python27-2.7.8-6.74.amzn1.x86_64 \n python27-libs-2.7.8-6.74.amzn1.x86_64 \n python27-tools-2.7.8-6.74.amzn1.x86_64 \n \n \n", "modified": "2014-11-11T10:32:00", "published": "2014-11-11T10:32:00", "id": "ALAS-2014-440", "href": "https://alas.aws.amazon.com/ALAS-2014-440.html", "title": "Medium: python27", "type": "amazon", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T17:22:35", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.([CVE-2013-1752 __](<https://access.redhat.com/security/cve/CVE-2013-1752>))\n\nIt was discovered that the Python xmlrpclib did not restrict the size of a gzip compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. ([CVE-2013-1753 __](<https://access.redhat.com/security/cve/CVE-2013-1753>))\n\nThe Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data.([CVE-2014-9365 __](<https://access.redhat.com/security/cve/CVE-2014-9365>))\n\n \n**Affected Packages:** \n\n\npython27\n\n \n**Issue Correction:** \nRun _yum update python27_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n python27-devel-2.7.9-4.114.amzn1.i686 \n python27-tools-2.7.9-4.114.amzn1.i686 \n python27-2.7.9-4.114.amzn1.i686 \n python27-debuginfo-2.7.9-4.114.amzn1.i686 \n python27-libs-2.7.9-4.114.amzn1.i686 \n python27-test-2.7.9-4.114.amzn1.i686 \n \n src: \n python27-2.7.9-4.114.amzn1.src \n \n x86_64: \n python27-2.7.9-4.114.amzn1.x86_64 \n python27-libs-2.7.9-4.114.amzn1.x86_64 \n python27-tools-2.7.9-4.114.amzn1.x86_64 \n python27-devel-2.7.9-4.114.amzn1.x86_64 \n python27-test-2.7.9-4.114.amzn1.x86_64 \n python27-debuginfo-2.7.9-4.114.amzn1.x86_64 \n \n \n", "modified": "2017-08-31T22:55:00", "published": "2017-08-31T22:55:00", "id": "ALAS-2015-552", "href": "https://alas.aws.amazon.com/ALAS-2015-552.html", "title": "Medium: python27", "type": "amazon", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2019-05-29T17:22:51", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. ([CVE-2013-1752 __](<https://access.redhat.com/security/cve/CVE-2013-1752>))\n\nThe ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to [CVE-2009-2408 __](<https://access.redhat.com/security/cve/CVE-2009-2408>). ([CVE-2013-4238 __](<https://access.redhat.com/security/cve/CVE-2013-4238>))\n\n \n**Affected Packages:** \n\n\npython26\n\n \n**Issue Correction:** \nRun _yum update python26_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n python26-devel-2.6.9-1.40.amzn1.i686 \n python26-2.6.9-1.40.amzn1.i686 \n python26-test-2.6.9-1.40.amzn1.i686 \n python26-tools-2.6.9-1.40.amzn1.i686 \n python26-libs-2.6.9-1.40.amzn1.i686 \n python26-debuginfo-2.6.9-1.40.amzn1.i686 \n \n src: \n python26-2.6.9-1.40.amzn1.src \n \n x86_64: \n python26-tools-2.6.9-1.40.amzn1.x86_64 \n python26-2.6.9-1.40.amzn1.x86_64 \n python26-debuginfo-2.6.9-1.40.amzn1.x86_64 \n python26-test-2.6.9-1.40.amzn1.x86_64 \n python26-libs-2.6.9-1.40.amzn1.x86_64 \n python26-devel-2.6.9-1.40.amzn1.x86_64 \n \n \n", "modified": "2015-06-22T10:35:00", "published": "2015-06-22T10:35:00", "id": "ALAS-2013-241", "href": "https://alas.aws.amazon.com/ALAS-2013-241.html", "title": "Medium: python26", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2019-02-21T01:24:43", "bulletinFamily": "scanner", "description": "Updated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.", "modified": "2018-07-02T00:00:00", "id": "CENTOS_RHSA-2015-1330.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85012", "published": "2015-07-28T00:00:00", "title": "CentOS 6 : python (CESA-2015:1330)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1330 and \n# CentOS Errata and Security Advisory 2015:1330 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85012);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/07/02 18:48:53\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 65379, 68147, 70089);\n script_xref(name:\"RHSA\", value:\"2015:1330\");\n\n script_name(english:\"CentOS 6 : python (CESA-2015:1330)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues, several\nbugs and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2015-July/001906.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?215fca08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n# Temp disable\nexit(0, 'Temporarily disabled.');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-devel-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-libs-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-test-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:45", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:1330 :\n\nUpdated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.", "modified": "2018-07-26T00:00:00", "id": "ORACLELINUX_ELSA-2015-1330.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85099", "published": "2015-07-30T00:00:00", "title": "Oracle Linux 6 : python (ELSA-2015-1330)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1330 and \n# Oracle Linux Security Advisory ELSA-2015-1330 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85099);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/07/26 13:32:43\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 65379, 68147, 70089);\n script_xref(name:\"RHSA\", value:\"2015:1330\");\n\n script_name(english:\"Oracle Linux 6 : python (ELSA-2015-1330)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1330 :\n\nUpdated python packages that fix multiple security issues, several\nbugs and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005228.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"python-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-devel-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-libs-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-test-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-tools-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tkinter-2.6.6-64.0.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-libs / python-test / python-tools / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:25:28", "bulletinFamily": "scanner", "description": "Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an 'Invalid argument' error. Subprocesses have been fixed to close the file descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the '-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile argument. (BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2015-2101.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86968", "published": "2015-11-20T00:00:00", "title": "RHEL 7 : python (RHSA-2015:2101)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2101. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86968);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"RHSA\", value:\"2015:2101\");\n\n script_name(english:\"RHEL 7 : python (RHSA-2015:2101)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict\nthe size of gzip-compressed HTTP responses. A malicious XMLRPC server\ncould cause an XMLRPC client using xmlrpclib to consume an excessive\namount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An\nattacker able to control the index value passed to one of the affected\nfunctions could possibly use this flaw to disclose portions of the\napplication memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or\nurllib) did not perform verification of TLS/SSL certificates when\nconnecting to HTTPS servers. A man-in-the-middle attacker could use\nthis flaw to hijack connections and eavesdrop or modify transferred\ndata. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to\nenable certificate verification by default. However, for backwards\ncompatibility, verification remains disabled by default. Future\nupdates may change this default. Refer to the Knowledgebase article\n2039753 linked to in the References section for further details about\nthis change. (BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads\npreviously tried to close epoll file descriptors twice, which led to\nan 'Invalid argument' error. Subprocesses have been fixed to close the\nfile descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no\nlonger produces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the\n'-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile\nargument. (BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported\nto the Python standard library, for example, new features of the ssl\nmodule: Server Name Indication (SNI) support, support for new TLSv1.x\nprotocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the\nssl library. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access\ninformation about the version of the SSL protocol used in a\nconnection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7185\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2101\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-debug-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"python-debuginfo-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-devel-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"python-libs-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-test-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-tools-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"tkinter-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-34.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debug / python-debuginfo / python-devel / etc\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:48", "bulletinFamily": "scanner", "description": "This update to python 2.7.9 fixes the following issues :\n\n - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64\n\nFrom the version update to 2.7.9 :\n\n - contains full backport of ssl module from Python 3.4 (PEP466)\n\n - HTTPS certificate validation enabled by default (PEP476)\n\n - SSLv3 disabled by default (bnc#901715)\n\n - backported ensurepip module (PEP477)\n\n - fixes several missing CVEs from last release:\n CVE-2013-1752, CVE-2013-1753\n\n - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch\n\n - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3\n\n - libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well\n\n - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional 'import ssl' from test_urllib2_localnet that caused it to fail without ssl\n\n - skip test_thread in qemu_linux_user mode\n\nFrom the version update to 2.7.8 :\n\n - fixes CVE-2014-4650 directory traversal in CGIHTTPServer\n\n - fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer()\n\nAlso the DH parameters were increased to 2048 bit to fix logjam security issue (bsc#935856)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-29T00:00:00", "id": "SUSE_SU-2015-1344-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85250", "published": "2015-08-06T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2015:1344-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1344-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85250);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/11/29 12:03:38\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 66958, 68147, 70089);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2015:1344-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to python 2.7.9 fixes the following issues :\n\n - python-2.7-libffi-aarch64.patch: Fix argument passing in\n libffi for aarch64\n\nFrom the version update to 2.7.9 :\n\n - contains full backport of ssl module from Python 3.4\n (PEP466)\n\n - HTTPS certificate validation enabled by default (PEP476)\n\n - SSLv3 disabled by default (bnc#901715)\n\n - backported ensurepip module (PEP477)\n\n - fixes several missing CVEs from last release:\n CVE-2013-1752, CVE-2013-1753\n\n - dropped upstreamed patches: python-2.7.6-poplib.patch,\n smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch\n\n - dropped patch python-2.7.3-ssl_ca_path.patch because we\n don't need it with ssl module from Python 3\n\n - libffi was upgraded upstream, seems to contain our\n changes, so dropping libffi-ppc64le.diff as well\n\n - python-2.7-urllib2-localnet-ssl.patch - properly remove\n unconditional 'import ssl' from test_urllib2_localnet\n that caused it to fail without ssl\n\n - skip test_thread in qemu_linux_user mode\n\nFrom the version update to 2.7.8 :\n\n - fixes CVE-2014-4650 directory traversal in CGIHTTPServer\n\n - fixes CVE-2014-7185 (bnc#898572) potential buffer\n overflow in buffer()\n\nAlso the DH parameters were increased to 2048 bit to fix logjam\nsecurity issue (bsc#935856)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=898572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-1752/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-1753/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4650/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7185/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151344-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b2cb590\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-367=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-367=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-367=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-367=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-debugsource-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-curses-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-curses-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-debugsource-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-demo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-gdbm-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-gdbm-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-idle-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-tk-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-tk-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-xml-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-xml-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-base-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-base-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-base-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-base-debugsource-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-curses-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-curses-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-debugsource-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-devel-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-tk-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-tk-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-xml-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-xml-debuginfo-2.7.9-14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:25:31", "bulletinFamily": "scanner", "description": "Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an 'Invalid argument' error. Subprocesses have been fixed to close the file descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the '-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile argument. (BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2015-2101.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87129", "published": "2015-12-02T00:00:00", "title": "CentOS 7 : python (CESA-2015:2101)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2101 and \n# CentOS Errata and Security Advisory 2015:2101 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87129);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:31\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"RHSA\", value:\"2015:2101\");\n\n script_name(english:\"CentOS 7 : python (CESA-2015:2101)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict\nthe size of gzip-compressed HTTP responses. A malicious XMLRPC server\ncould cause an XMLRPC client using xmlrpclib to consume an excessive\namount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An\nattacker able to control the index value passed to one of the affected\nfunctions could possibly use this flaw to disclose portions of the\napplication memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or\nurllib) did not perform verification of TLS/SSL certificates when\nconnecting to HTTPS servers. A man-in-the-middle attacker could use\nthis flaw to hijack connections and eavesdrop or modify transferred\ndata. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to\nenable certificate verification by default. However, for backwards\ncompatibility, verification remains disabled by default. Future\nupdates may change this default. Refer to the Knowledgebase article\n2039753 linked to in the References section for further details about\nthis change. (BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads\npreviously tried to close epoll file descriptors twice, which led to\nan 'Invalid argument' error. Subprocesses have been fixed to close the\nfile descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no\nlonger produces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the\n'-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile\nargument. (BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported\nto the Python standard library, for example, new features of the ssl\nmodule: Server Name Indication (SNI) support, support for new TLSv1.x\nprotocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the\nssl library. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access\ninformation about the version of the SSL protocol used in a\nconnection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-November/002560.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2883d9e8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-libs-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-34.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:41", "bulletinFamily": "scanner", "description": "Updated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.", "modified": "2018-11-10T00:00:00", "id": "REDHAT-RHSA-2015-1330.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84938", "published": "2015-07-23T00:00:00", "title": "RHEL 6 : python (RHSA-2015:1330)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1330. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84938);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 65379, 68147, 70089);\n script_xref(name:\"RHSA\", value:\"2015:1330\");\n\n script_name(english:\"RHEL 6 : python (RHSA-2015:1330)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues, several\nbugs and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/1495363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4650\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1330\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"python-debuginfo-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"python-devel-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"python-libs-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-test-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-test-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-test-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debuginfo / python-devel / python-libs / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:25", "bulletinFamily": "scanner", "description": "It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a certain argument. An attacker could possibly use this issue to read arbitrary memory and expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled URL-encoded path separators in URLs. A remote attacker could use this issue to expose sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in buffer functions. An attacker could possibly use this issue to read arbitrary memory and obtain sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-2653-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84428", "published": "2015-06-26T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : python2.7, python3.2, python3.4 vulnerabilities (USN-2653-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2653-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84428);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 66958, 68119, 68147, 70089);\n script_xref(name:\"USN\", value:\"2653-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : python2.7, python3.2, python3.4 vulnerabilities (USN-2653-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that multiple Python protocol libraries incorrectly\nlimited certain data when connecting to servers. A malicious ftp,\nhttp, imap, nntp, pop or smtp server could use this issue to cause a\ndenial of service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit\nunpacking gzip-compressed HTTP bodies. A malicious server could use\nthis issue to cause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a\ncertain argument. An attacker could possibly use this issue to read\narbitrary memory and expose sensitive information. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled\nURL-encoded path separators in URLs. A remote attacker could use this\nissue to expose sensitive information, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in\nbuffer functions. An attacker could possibly use this issue to read\narbitrary memory and obtain sensitive information. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2653-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.2-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python2.7\", pkgver:\"2.7.3-0ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.3-0ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python3.2\", pkgver:\"3.2.3-0ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python3.2-minimal\", pkgver:\"3.2.3-0ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python2.7\", pkgver:\"2.7.6-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.6-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3.4\", pkgver:\"3.4.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3.4-minimal\", pkgver:\"3.4.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python2.7\", pkgver:\"2.7.8-10ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.8-10ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python3.4\", pkgver:\"3.4.2-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python3.4-minimal\", pkgver:\"3.4.2-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2.7 / python2.7-minimal / python3.2 / python3.2-minimal / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:25:29", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:2101 :\n\nUpdated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an 'Invalid argument' error. Subprocesses have been fixed to close the file descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the '-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile argument. (BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "modified": "2018-07-25T00:00:00", "id": "ORACLELINUX_ELSA-2015-2101.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87020", "published": "2015-11-24T00:00:00", "title": "Oracle Linux 7 : python (ELSA-2015-2101)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:2101 and \n# Oracle Linux Security Advisory ELSA-2015-2101 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87020);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/25 14:27:30\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"RHSA\", value:\"2015:2101\");\n\n script_name(english:\"Oracle Linux 7 : python (ELSA-2015-2101)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:2101 :\n\nUpdated python packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict\nthe size of gzip-compressed HTTP responses. A malicious XMLRPC server\ncould cause an XMLRPC client using xmlrpclib to consume an excessive\namount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An\nattacker able to control the index value passed to one of the affected\nfunctions could possibly use this flaw to disclose portions of the\napplication memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or\nurllib) did not perform verification of TLS/SSL certificates when\nconnecting to HTTPS servers. A man-in-the-middle attacker could use\nthis flaw to hijack connections and eavesdrop or modify transferred\ndata. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to\nenable certificate verification by default. However, for backwards\ncompatibility, verification remains disabled by default. Future\nupdates may change this default. Refer to the Knowledgebase article\n2039753 linked to in the References section for further details about\nthis change. (BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads\npreviously tried to close epoll file descriptors twice, which led to\nan 'Invalid argument' error. Subprocesses have been fixed to close the\nfile descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no\nlonger produces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the\n'-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile\nargument. (BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported\nto the Python standard library, for example, new features of the ssl\nmodule: Server Name Indication (SNI) support, support for new TLSv1.x\nprotocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the\nssl library. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access\ninformation about the version of the SSL protocol used in a\nconnection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-November/005559.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-libs-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-34.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debug / python-devel / python-libs / python-test / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:47", "bulletinFamily": "scanner", "description": "It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)", "modified": "2018-12-28T00:00:00", "id": "SL_20150722_PYTHON_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=85206", "published": "2015-08-04T00:00:00", "title": "Scientific Linux Security Update : python on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85206);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n\n script_name(english:\"Scientific Linux Security Update : python on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=3564\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?15a4252d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"python-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-debuginfo-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-devel-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-libs-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-test-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:40", "bulletinFamily": "scanner", "description": "It was discovered that Python built-in module CGIHTTPServer does not properly handle URL-encoded path separators in URLs which may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root. (CVE-2014-4650)\n\nInteger overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a 'buffer' function.\n(CVE-2014-7185)", "modified": "2018-11-19T00:00:00", "id": "ALA_ALAS-2014-440.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78873", "published": "2014-11-06T00:00:00", "title": "Amazon Linux AMI : python27 (ALAS-2014-440)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-440.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78873);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/19 11:02:41\");\n\n script_cve_id(\"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"ALAS\", value:\"2014-440\");\n\n script_name(english:\"Amazon Linux AMI : python27 (ALAS-2014-440)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Python built-in module CGIHTTPServer does not\nproperly handle URL-encoded path separators in URLs which may enable\nattackers to disclose a CGI script's source code or execute arbitrary\nscripts in the server's document root. (CVE-2014-4650)\n\nInteger overflow in bufferobject.c in Python before 2.7.8 allows\ncontext-dependent attackers to obtain sensitive information from\nprocess memory via a large size and offset in a 'buffer' function.\n(CVE-2014-7185)\"\n );\n # http://bugs.python.org/issue21766\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.python.org/issue21766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-440.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python27' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python27-2.7.8-6.74.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-debuginfo-2.7.8-6.74.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-devel-2.7.8-6.74.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-libs-2.7.8-6.74.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-test-2.7.8-6.74.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-tools-2.7.8-6.74.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python27 / python27-debuginfo / python27-devel / python27-libs / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:56", "bulletinFamily": "unix", "description": "[2.7.5-34.0.1]\n- Add Oracle Linux distribution in platform.py [orabug 20812544]\n[2.7.5-34]\n- Revert fix for rhbz#1117751 as it leads to regressions\nResolves: rhbz#1117751\n[2.7.5-33]\n- Only restore SIG_PIPE when Popen called with restore_sigpipe\nResolves: rhbz#1117751\n[2.7.5-32]\n- Backport SSLSocket.version function\n- Temporary disable test_gdb on ppc64le rhbz#1260558\nResolves: rhbz#1259421\n[2.7.5-31]\n- Update load_cert_chain function to accept None keyfile\nResolves: rhbz#1250611\n[2.7.5-30]\n- Change Patch224 according to latest update in PEP493\nResolves:rhbz#1219108\n[2.7.5-29]\n- Popen shouldn't ignore SIG_PIPE\nResolves: rhbz#1117751\n[2.7.5-28]\n- Exclude python subprocess temp files from cleaning\nResolves: rhbz#1058482\n[2.7.5-27]\n- Add list for cprofile sort option\nResolves:rhbz#1237107\n[2.7.5-26]\n- Add switch to toggle cert verification on or off globally\nResolves:rhbz#1219108\n[2.7.5-25]\n- PEP476 enable cert verifications by default\nResolves:rhbz#1219110\n[2.7.5-24]\n- Massive backport of ssl module from python3 aka PEP466\nResolves: rhbz#1111461\n[2.7.5-23]\n- Fixed CVE-2013-1753, CVE-2013-1752, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185\nResolves: rhbz#1206574\n[2.7.5-22]\n- Fix importing readline producing erroneous output\nResolves: rhbz#1189301\n[2.7.5-21]\n- Add missing import in bdist_rpm\nResolves: rhbz#1177613\n[2.7.5-20]\n- Avoid double close of subprocess pipes\nResolves: rhbz#1103452\n[2.7.5-19]\n- make multiprocessing ignore EINTR\nResolves: rhbz#1181624", "modified": "2015-11-23T00:00:00", "published": "2015-11-23T00:00:00", "id": "ELSA-2015-2101", "href": "http://linux.oracle.com/errata/ELSA-2015-2101.html", "title": "python security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:12", "bulletinFamily": "unix", "description": "[2.6.6-64.0.1]\n- Add Oracle Linux distribution in platform.py [orabug 21288328] (Keshav Sharma)\n[2.6.6-64]\n- Enable use of deepcopy() with instance methods\nResolves: rhbz#1223037\n[2.6.6-63]\n- Since -libs now provide python-ordered dict, added ordereddict\n dist-info to site-packages\nResolves: rhbz#1199997\n[2.6.6-62]\n- Fix CVE-2014-7185/4650/1912 CVE-2013-1752\nResolves: rhbz#1206572\n[2.6.6-61]\n- Fix logging module error when multiprocessing module is not initialized\nResolves: rhbz#1204966\n[2.6.6-60]\n- Add provides for python-ordereddict\nResolves: rhbz#1199997\n[2.6.6-59]\n- Let ConfigParse handle options without values\n- Add check phase to specfile, fix and skip relevant failing tests\nResolves: rhbz#1031709\n[2.6.6-58]\n- Make Popen.communicate catch EINTR error\nResolves: rhbz#1073165\n[2.6.6-57]\n- Add choices for sort option of cProfile for better output\nResolves: rhbz#1160640\n[2.6.6-56]\n- Make multiprocessing ignore EINTR\nResolves: rhbz#1180864\n[2.6.6-55]\n- Fix iteration over files with very long lines\nResolves: rhbz#794632\n[2.6.6-54]\n- Fix subprocess.Popen.communicate() being broken by SIGCHLD handler.\nResolves: rhbz#1065537\n- Rebuild against latest valgrind-devel.\nResolves: rhbz#1142170\n[2.6.6-53]\n- Bump release up to ensure proper upgrade path.\nRelated: rhbz#958256", "modified": "2015-07-28T00:00:00", "published": "2015-07-28T00:00:00", "id": "ELSA-2015-1330", "href": "http://linux.oracle.com/errata/ELSA-2015-1330.html", "title": "python security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:33", "bulletinFamily": "unix", "description": "python27\n[1.1-17]\n- Require python-pip and python-wheel (note: in rh-python34\n this is not necessary, because 'python' depends on these).\npython27-python\n[2.7.8-3]\n- Add httplib fix for CVE-2013-1752\nResolves: rhbz#1187779\n[2.7.8-2]\n- Fix %check\nunset DISPLAY\n setion not failing properly on failed test\n- Fixed CVE-2013-1752, CVE-2013-1753\nResolves: rhbz#1187779\n[2.7.8-1]\n- Update to 2.7.8.\nResolves: rhbz#1167912\n- Make python-devel depend on scl-utils-build.\nResolves: rhbz#1170993\npython27-python-pip\n - New Package added\npython27-python-setuptools\n[0.9.8-3]\n- Enhance patch restoring proxy support in SSL connections\nResolves: rhbz#1222507\npython27-python-simplejson\n[3.2.0-2]\n- Fix CVE-2014-461, add boundary checks\nResolves: rhbz#1222534\npython27-python-wheel\n - New Package added ", "modified": "2016-02-04T00:00:00", "published": "2016-02-04T00:00:00", "id": "ELSA-2015-1064", "href": "http://linux.oracle.com/errata/ELSA-2015-1064.html", "title": "python27 security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:24", "bulletinFamily": "unix", "description": "It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a certain argument. An attacker could possibly use this issue to read arbitrary memory and expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled URL-encoded path separators in URLs. A remote attacker could use this issue to expose sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in buffer functions. An attacker could possibly use this issue to read arbitrary memory and obtain sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185)", "modified": "2015-06-25T00:00:00", "published": "2015-06-25T00:00:00", "id": "USN-2653-1", "href": "https://usn.ubuntu.com/2653-1/", "title": "Python vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "centos": [{"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1330\n\n\nPython is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to check\nthe size of the supplied buffer. This could lead to a buffer overflow when\nthe function was called with an insufficiently sized buffer.\n(CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes, users\nare directed to the following article on the Red Hat Customer Portal:\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-July/001906.html\n\n**Affected packages:**\npython\npython-devel\npython-libs\npython-test\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1330.html", "modified": "2015-07-26T14:11:19", "published": "2015-07-26T14:11:19", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-July/001906.html", "id": "CESA-2015:1330", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:28", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:2101\n\n\nPython is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib)\ndid not perform verification of TLS/SSL certificates when connecting to\nHTTPS servers. A man-in-the-middle attacker could use this flaw to hijack\nconnections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable\ncertificate verification by default. However, for backwards compatibility,\nverification remains disabled by default. Future updates may change this\ndefault. Refer to the Knowledgebase article 2039753 linked to in the\nReferences section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs:\n\n* Subprocesses used with the Eventlet library or regular threads previously\ntried to close epoll file descriptors twice, which led to an \"Invalid\nargument\" error. Subprocesses have been fixed to close the file descriptors\nonly once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer\nproduces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the \"-s\"\noption supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts \"None\" as a keyfile argument.\n(BZ#1250611)\n\nIn addition, this update adds the following enhancements:\n\n* Security enhancements as described in PEP 466 have been backported to the\nPython standard library, for example, new features of the ssl module:\nServer Name Indication (SNI) support, support for new TLSv1.x protocols,\nnew hash algorithms in the hashlib module, and many more. (BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl\nlibrary. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information\nabout the version of the SSL protocol used in a connection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/002560.html\n\n**Affected packages:**\npython\npython-debug\npython-devel\npython-libs\npython-test\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2101.html", "modified": "2015-11-30T19:48:49", "published": "2015-11-30T19:48:49", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-November/002560.html", "id": "CESA-2015:2101", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:47", "bulletinFamily": "unix", "description": "Python is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to check\nthe size of the supplied buffer. This could lead to a buffer overflow when\nthe function was called with an insufficiently sized buffer.\n(CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes, users\nare directed to the following article on the Red Hat Customer Portal:\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\n", "modified": "2018-06-06T20:24:24", "published": "2015-07-22T04:00:00", "id": "RHSA-2015:1330", "href": "https://access.redhat.com/errata/RHSA-2015:1330", "type": "redhat", "title": "(RHSA-2015:1330) Moderate: python security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:02", "bulletinFamily": "unix", "description": "Python is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib)\ndid not perform verification of TLS/SSL certificates when connecting to\nHTTPS servers. A man-in-the-middle attacker could use this flaw to hijack\nconnections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable\ncertificate verification by default. However, for backwards compatibility,\nverification remains disabled by default. Future updates may change this\ndefault. Refer to the Knowledgebase article 2039753 linked to in the\nReferences section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs:\n\n* Subprocesses used with the Eventlet library or regular threads previously\ntried to close epoll file descriptors twice, which led to an \"Invalid\nargument\" error. Subprocesses have been fixed to close the file descriptors\nonly once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer\nproduces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the \"-s\"\noption supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts \"None\" as a keyfile argument.\n(BZ#1250611)\n\nIn addition, this update adds the following enhancements:\n\n* Security enhancements as described in PEP 466 have been backported to the\nPython standard library, for example, new features of the ssl module:\nServer Name Indication (SNI) support, support for new TLSv1.x protocols,\nnew hash algorithms in the hashlib module, and many more. (BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl\nlibrary. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information\nabout the version of the SSL protocol used in a connection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", "modified": "2018-04-12T03:32:44", "published": "2015-11-19T18:41:01", "id": "RHSA-2015:2101", "href": "https://access.redhat.com/errata/RHSA-2015:2101", "type": "redhat", "title": "(RHSA-2015:2101) Moderate: python security, bug fix, and enhancement update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-08-13T18:45:52", "bulletinFamily": "unix", "description": "Python is an interpreted, interactive, object-oriented programming language\nthat supports modules, classes, exceptions, high-level dynamic data types,\nand dynamic typing. The python27 collection provide a stable release of\nPython 2.7 with a number of additional utilities and database connectors\nfor MySQL and PostgreSQL.\n\nThe python27-python packages have been upgraded to upstream version 2.7.8,\nwhich provides numerous bug fixes over the previous version. (BZ#1167912)\n\nThe following security issues were fixed in the python27-python component:\n\nIt was discovered that the socket.recvfrom_into() function failed to check\nthe size of the supplied buffer. This could lead to a buffer overflow when\nthe function was called with an insufficiently sized buffer.\n(CVE-2014-1912)\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nThe following security issue was fixed in the python27-python and\npython27-python-simplejson components:\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nIn addition, this update adds the following enhancement:\n\n* The python27 Software Collection now includes the python-wheel and\npython-pip modules. (BZ#994189, BZ#1167902)\n\nAll python27 users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. All running python27\ninstances must be restarted for this update to take effect.\n", "modified": "2018-06-13T01:28:19", "published": "2015-06-04T04:00:00", "id": "RHSA-2015:1064", "href": "https://access.redhat.com/errata/RHSA-2015:1064", "type": "redhat", "title": "(RHSA-2015:1064) Moderate: python27 security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T20:05:35", "bulletinFamily": "exploit", "description": "Python CGIHTTPServer Encoded Path Traversal. CVE-2014-4650. Webapps exploits for multiple platform", "modified": "2014-06-27T00:00:00", "published": "2014-06-27T00:00:00", "id": "EDB-ID:33894", "href": "https://www.exploit-db.com/exploits/33894/", "type": "exploitdb", "title": "Python CGIHTTPServer Encoded Path Traversal", "sourceData": "Advisory: Python CGIHTTPServer File Disclosure and Potential Code\r\n Execution\r\n\r\nThe CGIHTTPServer Python module does not properly handle URL-encoded\r\npath separators in URLs. This may enable attackers to disclose a CGI\r\nscript's source code or execute arbitrary CGI scripts in the server's\r\ndocument root.\r\n\r\nDetails\r\n=======\r\n\r\nProduct: Python CGIHTTPServer\r\nAffected Versions:\r\n 2.7 - 2.7.7,\r\n 3.2 - 3.2.4,\r\n 3.3 - 3.3.2,\r\n 3.4 - 3.4.1,\r\n 3.5 pre-release\r\nFixed Versions:\r\n 2.7 rev b4bab0788768,\r\n 3.2 rev e47422855841,\r\n 3.3 rev 5676797f3a3e,\r\n 3.4 rev 847e288d6e93,\r\n 3.5 rev f8b3bb5eb190\r\nVulnerability Type: File Disclosure, Directory Traversal, Code Execution\r\nSecurity Risk: high\r\nVendor URL: https://docs.python.org/2/library/cgihttpserver.html\r\nVendor Status: fixed version released\r\nAdvisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2014-008\r\nAdvisory Status: published\r\nCVE: CVE-2014-4650\r\nCVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650\r\n\r\n\r\nIntroduction\r\n============\r\n\r\nThe CGIHTTPServer module defines a request-handler class, interface\r\ncompatible with BaseHTTPServer. BaseHTTPRequestHandler and inherits\r\nbehavior from SimpleHTTPServer. SimpleHTTPRequestHandler but can also\r\nrun CGI scripts.\r\n\r\n(from the Python documentation)\r\n\r\n\r\nMore Details\r\n============\r\n\r\nThe CGIHTTPServer module can be used to set up a simple HTTP server with\r\nCGI scripts. A sample server script in Python may look like the\r\nfollowing:\r\n\r\n------------------------------------------------------------------------\r\n#!/usr/bin/env python2\r\n\r\nimport CGIHTTPServer\r\nimport BaseHTTPServer\r\n\r\nif __name__ == \"__main__\":\r\n server = BaseHTTPServer.HTTPServer\r\n handler = CGIHTTPServer.CGIHTTPRequestHandler\r\n server_address = (\"\", 8000)\r\n # Note that only /cgi-bin will work:\r\n handler.cgi_directories = [\"/cgi-bin\", \"/cgi-bin/subdir\"]\r\n httpd = server(server_address, handler)\r\n httpd.serve_forever()\r\n------------------------------------------------------------------------\r\n\r\nThis server should execute any scripts located in the subdirectory\r\n\"cgi-bin\". A sample CGI script can be placed in that directory, for\r\nexample a script like the following:\r\n\r\n------------------------------------------------------------------------\r\n#!/usr/bin/env python2\r\nimport json\r\nimport sys\r\n\r\ndb_credentials = \"SECRET\"\r\nsys.stdout.write(\"Content-type: text/json\\r\\n\\r\\n\")\r\nsys.stdout.write(json.dumps({\"text\": \"This is a Test\"}))\r\n------------------------------------------------------------------------\r\n\r\nThe Python library CGIHTTPServer.py implements the CGIHTTPRequestHandler\r\nclass which inherits from SimpleHTTPServer.SimpleHTTPRequestHandler:\r\n\r\nclass SimpleHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):\r\n[...]\r\n def do_GET(self):\r\n \"\"\"Serve a GET request.\"\"\"\r\n f = self.send_head()\r\n if f:\r\n try:\r\n self.copyfile(f, self.wfile)\r\n finally:\r\n f.close()\r\n\r\n def do_HEAD(self):\r\n \"\"\"Serve a HEAD request.\"\"\"\r\n f = self.send_head()\r\n if f:\r\n f.close()\r\n\r\n def translate_path(self, path):\r\n [...]\r\n path = posixpath.normpath(urllib.unquote(path))\r\n words = path.split('/')\r\n words = filter(None, words)\r\n path = os.getcwd()\r\n [...]\r\n\r\nThe CGIHTTPRequestHandler class inherits, among others, the methods\r\ndo_GET() and do_HEAD() for handling HTTP GET and HTTP HEAD requests. The\r\nclass overrides send_head() and implements several new methods, such as\r\ndo_POST(), is_cgi() and run_cgi():\r\n\r\nclass CGIHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):\r\n[...]\r\n def do_POST(self):\r\n [...]\r\n if self.is_cgi():\r\n self.run_cgi()\r\n else:\r\n self.send_error(501, \"Can only POST to CGI scripts\")\r\n\r\n def send_head(self):\r\n \"\"\"Version of send_head that support CGI scripts\"\"\"\r\n if self.is_cgi():\r\n return self.run_cgi()\r\n else:\r\n return SimpleHTTPServer.SimpleHTTPRequestHandler.send_head(self)\r\n\r\n def is_cgi(self):\r\n [...]\r\n collapsed_path = _url_collapse_path(self.path)\r\n dir_sep = collapsed_path.find('/', 1)\r\n head, tail = collapsed_path[:dir_sep], collapsed_path[dir_sep+1:]\r\n if head in self.cgi_directories:\r\n self.cgi_info = head, tail\r\n return True\r\n return False\r\n[...]\r\n def run_cgi(self):\r\n \"\"\"Execute a CGI script.\"\"\"\r\n dir, rest = self.cgi_info\r\n\r\n [...]\r\n\r\n # dissect the part after the directory name into a script name &\r\n # a possible additional path, to be stored in PATH_INFO.\r\n i = rest.find('/')\r\n if i >= 0:\r\n script, rest = rest[:i], rest[i:]\r\n else:\r\n script, rest = rest, ''\r\n\r\n scriptname = dir + '/' + script\r\n scriptfile = self.translate_path(scriptname)\r\n if not os.path.exists(scriptfile):\r\n self.send_error(404, \"No such CGI script (%r)\" % scriptname)\r\n return\r\n if not os.path.isfile(scriptfile):\r\n self.send_error(403, \"CGI script is not a plain file (%r)\" %\r\n scriptname)\r\n return\r\n [...]\r\n[...]\r\n\r\nFor HTTP GET requests, do_GET() first invokes send_head(). That method\r\ncalls is_cgi() to determine whether the requested path is to be executed\r\nas a CGI script. The is_cgi() method uses _url_collapse_path() to\r\nnormalize the path, i.e. remove extraneous slashes (/),current directory\r\n(.), or parent directory (..) elements, taking care not to permit\r\ndirectory traversal below the document root. The is_cgi() function\r\nreturns True when the first path element is contained in the\r\ncgi_directories list. As _url_collaps_path() and is_cgi() never URL\r\ndecode the path, replacing the forward slash after the CGI directory in\r\nthe URL to a CGI script with the URL encoded variant %2f leads to\r\nis_cgi() returning False. This will make CGIHTTPRequestHandler's\r\nsend_head() then invoke its parent's send_head() method which translates\r\nthe URL path to a file system path using the translate_path() method and\r\nthen outputs the file's contents raw. As translate_path() URL decodes\r\nthe path, this then succeeds and discloses the CGI script's file\r\ncontents:\r\n\r\n$ curl http://localhost:8000/cgi-bin%2ftest.py\r\n#!/usr/bin/env python2\r\nimport json\r\nimport sys\r\n\r\ndb_credentials = \"SECRET\"\r\nsys.stdout.write(\"Content-type: text/json\\r\\n\\r\\n\")\r\nsys.stdout.write(json.dumps({\"text\": \"This is a Test\"}))\r\n\r\nSimilarly, the CGIHTTPRequestHandler can be tricked into executing CGI\r\nscripts that would normally not be executable. The class normally only\r\nallows executing CGI scripts that are direct children of one of the\r\ndirectories listed in cgi_directories. Furthermore, only direct\r\nsubdirectories of the document root (the current working directory) can\r\nbe valid CGI directories.\r\n\r\nThis can be seen in the following example. Even though the sample server\r\nshown above includes \"/cgi-bin/subdir\" as part of the request handler's\r\ncgi_directories, a CGI script named test.py in that directory is not\r\nexecuted:\r\n\r\n$ curl http://localhost:8000/cgi-bin/subdir/test.py\r\n[...]\r\n<p>Error code 403.\r\n<p>Message: CGI script is not a plain file ('/cgi-bin/subdir').\r\n[...]\r\n\r\nHere, is_cgi() set self.cgi_info to ('/cgi-bin', 'subdir/test.py') and\r\nreturned True. Next, run_cgi() further dissected these paths to perform\r\nsome sanity checks, thereby mistakenly assuming subdir to be the\r\nexecutable script's filename and test.py to be path info. As subdir is\r\nnot an executable file, run_cgi() returns an error message. However, if\r\nthe forward slash between subdir and test.py is replaced with %2f,\r\ninvoking the script succeeds:\r\n\r\n$ curl http://localhost:8000/cgi-bin/subdir%2ftest.py\r\n{\"text\": \"This is a Test\"}\r\n\r\nThis is because neither is_cgi() nor run_cgi() URL decode the path\r\nduring processing until run_cgi() tries to determine whether the target\r\nscript is an executable file. More specifically, as subdir%2ftest.py\r\ndoes not contain a forward slash, it is not split into the script name\r\nsubdir and path info test.py, as in the previous example.\r\n\r\nSimilarly, using URL encoded forward slashes, executables outside of a\r\nCGI directory can be executed:\r\n\r\n$ curl http://localhost:8000/cgi-bin/..%2ftraversed.py\r\n{\"text\": \"This is a Test\"}\r\n\r\n\r\nWorkaround\r\n==========\r\n\r\nSubclass CGIHTTPRequestHandler and override the is_cgi() method with a\r\nvariant that first URL decodes the supplied path, for example:\r\n\r\nclass FixedCGIHTTPRequestHandler(CGIHTTPServer.CGIHTTPRequestHandler):\r\n def is_cgi(self):\r\n self.path = urllib.unquote(self.path)\r\n return CGIHTTPServer.CGIHTTPRequestHandler.is_cgi(self)\r\n\r\n\r\nFix\r\n===\r\n\r\nUpdate to the latest Python version from the Mercurial repository at\r\nhttp://hg.python.org/cpython/\r\n\r\n\r\nSecurity Risk\r\n=============\r\n\r\nThe vulnerability can be used to gain access to the contents of CGI\r\nbinaries or the source code of CGI scripts. This may reveal sensitve\r\ninformation, for example access credentials. This can greatly help\r\nattackers in mounting further attacks and is therefore considered to\r\npose a high risk. Furthermore attackers may be able to execute code that\r\nwas not intended to be executed. However, this is limited to files\r\nstored in the server's working directory or in its subdirectories.\r\n\r\nThe CGIHTTPServer code does contain this warning:\r\n\"SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL\"\r\nEven when used on a local computer this may allow other local users to\r\nexecute code in the context of another user.\r\n\r\n\r\nTimeline\r\n========\r\n\r\n2014-04-07 Vulnerability identified\r\n2014-06-11 Customer approved disclosure to vendor\r\n2014-06-11 Vendor notified\r\n2014-06-15 Vendor disclosed vulnerability in their public bug tracker\r\n and addressed it in public source code repository\r\n2014-06-23 CVE number requested\r\n2014-06-25 CVE number assigned\r\n2014-06-26 Advisory released\r\n\r\n\r\nReferences\r\n==========\r\n\r\nhttp://bugs.python.org/issue21766\r\n\r\n\r\nRedTeam Pentesting GmbH\r\n=======================\r\n\r\nRedTeam Pentesting offers individual penetration tests, short pentests,\r\nperformed by a team of specialised IT-security experts. Hereby, security\r\nweaknesses in company networks or products are uncovered and can be\r\nfixed immediately.\r\n\r\nAs there are only few experts in this field, RedTeam Pentesting wants to\r\nshare its knowledge and enhance the public knowledge with research in\r\nsecurity related areas. The results are made available as public\r\nsecurity advisories.\r\n\r\nMore information about RedTeam Pentesting can be found at\r\nhttps://www.redteam-pentesting.de.\r\n\r\n\r\n-- \r\nRedTeam Pentesting GmbH Tel.: +49 241 510081-0\r\nDennewartstr. 25-27 Fax : +49 241 510081-99\r\n52068 Aachen https://www.redteam-pentesting.de\r\nGermany Registergericht: Aachen HRB 14004\r\nGesch\u0102\u00a4ftsf\u0102\u017ahrer: Patrick Hof, Jens Liebchen", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/33894/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "description": "Integer overflow in buffer().", "modified": "2014-10-27T00:00:00", "published": "2014-10-27T00:00:00", "id": "SECURITYVULNS:VULN:14061", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14061", "title": "python integer overflow", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:197\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : python\r\n Date : October 21, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated python packages fix security vulnerability:\r\n \r\n Python before 2.7.8 is vulnerable to an integer overflow in the buffer\r\n type (CVE-2014-7185).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185\r\n http://advisories.mageia.org/MGASA-2014-0399.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n dcefcf76c1a242a7f6f1b6db782df456 mbs1/x86_64/lib64python2.7-2.7.3-4.8.mbs1.x86_64.rpm\r\n 89a011eb8fb6c74449803058f45b97d4 mbs1/x86_64/lib64python-devel-2.7.3-4.8.mbs1.x86_64.rpm\r\n d0c4b166f0707b673941ed509966ba04 mbs1/x86_64/python-2.7.3-4.8.mbs1.x86_64.rpm\r\n 3d5d4e680047114b49bcdece20c69113 mbs1/x86_64/python-docs-2.7.3-4.8.mbs1.noarch.rpm\r\n fb44af0e4af2124a9afc932b44be6377 mbs1/x86_64/tkinter-2.7.3-4.8.mbs1.x86_64.rpm\r\n 9abec6f5bb73aa97224008418c567001 mbs1/x86_64/tkinter-apps-2.7.3-4.8.mbs1.x86_64.rpm \r\n af80562fdc0e4628591fba9249003bf1 mbs1/SRPMS/python-2.7.3-4.8.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFURgY6mqjQ0CJFipgRAvwgAKDXcnHrFfvCfHLE8+K8hm5c36UF2QCg2paU\r\nZKHEaBTvKIYVDsnVIp/qdrA=\r\n=zMF9\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-10-27T00:00:00", "published": "2014-10-27T00:00:00", "id": "SECURITYVULNS:DOC:31316", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31316", "title": "[ MDVSA-2014:197 ] python", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "description": "\r\n\r\nAdvisory: Python CGIHTTPServer File Disclosure and Potential Code\r\n Execution\r\n\r\nThe CGIHTTPServer Python module does not properly handle URL-encoded\r\npath separators in URLs. This may enable attackers to disclose a CGI\r\nscript's source code or execute arbitrary CGI scripts in the server's\r\ndocument root.\r\n\r\nDetails\r\n=======\r\n\r\nProduct: Python CGIHTTPServer\r\nAffected Versions:\r\n 2.7 - 2.7.7,\r\n 3.2 - 3.2.4,\r\n 3.3 - 3.3.2,\r\n 3.4 - 3.4.1,\r\n 3.5 pre-release\r\nFixed Versions:\r\n 2.7 rev b4bab0788768,\r\n 3.2 rev e47422855841,\r\n 3.3 rev 5676797f3a3e,\r\n 3.4 rev 847e288d6e93,\r\n 3.5 rev f8b3bb5eb190\r\nVulnerability Type: File Disclosure, Directory Traversal, Code Execution\r\nSecurity Risk: high\r\nVendor URL: https://docs.python.org/2/library/cgihttpserver.html\r\nVendor Status: fixed version released\r\nAdvisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2014-008\r\nAdvisory Status: published\r\nCVE: CVE-2014-4650\r\nCVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650\r\n\r\n\r\nIntroduction\r\n============\r\n\r\nThe CGIHTTPServer module defines a request-handler class, interface\r\ncompatible with BaseHTTPServer. BaseHTTPRequestHandler and inherits\r\nbehavior from SimpleHTTPServer. SimpleHTTPRequestHandler but can also\r\nrun CGI scripts.\r\n\r\n(from the Python documentation)\r\n\r\n\r\nMore Details\r\n============\r\n\r\nThe CGIHTTPServer module can be used to set up a simple HTTP server with\r\nCGI scripts. A sample server script in Python may look like the\r\nfollowing:\r\n\r\n------------------------------------------------------------------------\r\n#!/usr/bin/env python2\r\n\r\nimport CGIHTTPServer\r\nimport BaseHTTPServer\r\n\r\nif __name__ == "__main__":\r\n server = BaseHTTPServer.HTTPServer\r\n handler = CGIHTTPServer.CGIHTTPRequestHandler\r\n server_address = ("", 8000)\r\n # Note that only /cgi-bin will work:\r\n handler.cgi_directories = ["/cgi-bin", "/cgi-bin/subdir"]\r\n httpd = server(server_address, handler)\r\n httpd.serve_forever()\r\n------------------------------------------------------------------------\r\n\r\nThis server should execute any scripts located in the subdirectory\r\n"cgi-bin". A sample CGI script can be placed in that directory, for\r\nexample a script like the following:\r\n\r\n------------------------------------------------------------------------\r\n#!/usr/bin/env python2\r\nimport json\r\nimport sys\r\n\r\ndb_credentials = "SECRET"\r\nsys.stdout.write("Content-type: text/json\r\n\r\n")\r\nsys.stdout.write(json.dumps({"text": "This is a Test"}))\r\n------------------------------------------------------------------------\r\n\r\nThe Python library CGIHTTPServer.py implements the CGIHTTPRequestHandler\r\nclass which inherits from SimpleHTTPServer.SimpleHTTPRequestHandler:\r\n\r\nclass SimpleHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):\r\n[...]\r\n def do_GET(self):\r\n """Serve a GET request."""\r\n f = self.send_head()\r\n if f:\r\n try:\r\n self.copyfile(f, self.wfile)\r\n finally:\r\n f.close()\r\n\r\n def do_HEAD(self):\r\n """Serve a HEAD request."""\r\n f = self.send_head()\r\n if f:\r\n f.close()\r\n\r\n def translate_path(self, path):\r\n [...]\r\n path = posixpath.normpath(urllib.unquote(path))\r\n words = path.split('/')\r\n words = filter(None, words)\r\n path = os.getcwd()\r\n [...]\r\n\r\nThe CGIHTTPRequestHandler class inherits, among others, the methods\r\ndo_GET() and do_HEAD() for handling HTTP GET and HTTP HEAD requests. The\r\nclass overrides send_head() and implements several new methods, such as\r\ndo_POST(), is_cgi() and run_cgi():\r\n\r\nclass CGIHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):\r\n[...]\r\n def do_POST(self):\r\n [...]\r\n if self.is_cgi():\r\n self.run_cgi()\r\n else:\r\n self.send_error(501, "Can only POST to CGI scripts")\r\n\r\n def send_head(self):\r\n """Version of send_head that support CGI scripts"""\r\n if self.is_cgi():\r\n return self.run_cgi()\r\n else:\r\n return SimpleHTTPServer.SimpleHTTPRequestHandler.send_head(self)\r\n\r\n def is_cgi(self):\r\n [...]\r\n collapsed_path = _url_collapse_path(self.path)\r\n dir_sep = collapsed_path.find('/', 1)\r\n head, tail = collapsed_path[:dir_sep], collapsed_path[dir_sep+1:]\r\n if head in self.cgi_directories:\r\n self.cgi_info = head, tail\r\n return True\r\n return False\r\n[...]\r\n def run_cgi(self):\r\n """Execute a CGI script."""\r\n dir, rest = self.cgi_info\r\n\r\n [...]\r\n\r\n # dissect the part after the directory name into a script name &\r\n # a possible additional path, to be stored in PATH_INFO.\r\n i = rest.find('/')\r\n if i >= 0:\r\n script, rest = rest[:i], rest[i:]\r\n else:\r\n script, rest = rest, ''\r\n\r\n scriptname = dir + '/' + script\r\n scriptfile = self.translate_path(scriptname)\r\n if not os.path.exists(scriptfile):\r\n self.send_error(404, "No such CGI script (%r)" % scriptname)\r\n return\r\n if not os.path.isfile(scriptfile):\r\n self.send_error(403, "CGI script is not a plain file (%r)" %\r\n scriptname)\r\n return\r\n [...]\r\n[...]\r\n\r\nFor HTTP GET requests, do_GET() first invokes send_head(). That method\r\ncalls is_cgi() to determine whether the requested path is to be executed\r\nas a CGI script. The is_cgi() method uses _url_collapse_path() to\r\nnormalize the path, i.e. remove extraneous slashes (/),current directory\r\n(.), or parent directory (..) elements, taking care not to permit\r\ndirectory traversal below the document root. The is_cgi() function\r\nreturns True when the first path element is contained in the\r\ncgi_directories list. As _url_collaps_path() and is_cgi() never URL\r\ndecode the path, replacing the forward slash after the CGI directory in\r\nthe URL to a CGI script with the URL encoded variant %2f leads to\r\nis_cgi() returning False. This will make CGIHTTPRequestHandler's\r\nsend_head() then invoke its parent's send_head() method which translates\r\nthe URL path to a file system path using the translate_path() method and\r\nthen outputs the file's contents raw. As translate_path() URL decodes\r\nthe path, this then succeeds and discloses the CGI script's file\r\ncontents:\r\n\r\n$ curl http://localhost:8000/cgi-bin%2ftest.py\r\n#!/usr/bin/env python2\r\nimport json\r\nimport sys\r\n\r\ndb_credentials = "SECRET"\r\nsys.stdout.write("Content-type: text/json\r\n\r\n")\r\nsys.stdout.write(json.dumps({"text": "This is a Test"}))\r\n\r\nSimilarly, the CGIHTTPRequestHandler can be tricked into executing CGI\r\nscripts that would normally not be executable. The class normally only\r\nallows executing CGI scripts that are direct children of one of the\r\ndirectories listed in cgi_directories. Furthermore, only direct\r\nsubdirectories of the document root (the current working directory) can\r\nbe valid CGI directories.\r\n\r\nThis can be seen in the following example. Even though the sample server\r\nshown above includes "/cgi-bin/subdir" as part of the request handler's\r\ncgi_directories, a CGI script named test.py in that directory is not\r\nexecuted:\r\n\r\n$ curl http://localhost:8000/cgi-bin/subdir/test.py\r\n[...]\r\n<p>Error code 403.\r\n<p>Message: CGI script is not a plain file ('/cgi-bin/subdir').\r\n[...]\r\n\r\nHere, is_cgi() set self.cgi_info to ('/cgi-bin', 'subdir/test.py') and\r\nreturned True. Next, run_cgi() further dissected these paths to perform\r\nsome sanity checks, thereby mistakenly assuming subdir to be the\r\nexecutable script's filename and test.py to be path info. As subdir is\r\nnot an executable file, run_cgi() returns an error message. However, if\r\nthe forward slash between subdir and test.py is replaced with %2f,\r\ninvoking the script succeeds:\r\n\r\n$ curl http://localhost:8000/cgi-bin/subdir%2ftest.py\r\n{"text": "This is a Test"}\r\n\r\nThis is because neither is_cgi() nor run_cgi() URL decode the path\r\nduring processing until run_cgi() tries to determine whether the target\r\nscript is an executable file. More specifically, as subdir%2ftest.py\r\ndoes not contain a forward slash, it is not split into the script name\r\nsubdir and path info test.py, as in the previous example.\r\n\r\nSimilarly, using URL encoded forward slashes, executables outside of a\r\nCGI directory can be executed:\r\n\r\n$ curl http://localhost:8000/cgi-bin/..%2ftraversed.py\r\n{"text": "This is a Test"}\r\n\r\n\r\nWorkaround\r\n==========\r\n\r\nSubclass CGIHTTPRequestHandler and override the is_cgi() method with a\r\nvariant that first URL decodes the supplied path, for example:\r\n\r\nclass FixedCGIHTTPRequestHandler(CGIHTTPServer.CGIHTTPRequestHandler):\r\n def is_cgi(self):\r\n self.path = urllib.unquote(self.path)\r\n return CGIHTTPServer.CGIHTTPRequestHandler.is_cgi(self)\r\n\r\n\r\nFix\r\n===\r\n\r\nUpdate to the latest Python version from the Mercurial repository at\r\nhttp://hg.python.org/cpython/\r\n\r\n\r\nSecurity Risk\r\n=============\r\n\r\nThe vulnerability can be used to gain access to the contents of CGI\r\nbinaries or the source code of CGI scripts. This may reveal sensitve\r\ninformation, for example access credentials. This can greatly help\r\nattackers in mounting further attacks and is therefore considered to\r\npose a high risk. Furthermore attackers may be able to execute code that\r\nwas not intended to be executed. However, this is limited to files\r\nstored in the server's working directory or in its subdirectories.\r\n\r\nThe CGIHTTPServer code does contain this warning:\r\n"SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL"\r\nEven when used on a local computer this may allow other local users to\r\nexecute code in the context of another user.\r\n\r\n\r\nTimeline\r\n========\r\n\r\n2014-04-07 Vulnerability identified\r\n2014-06-11 Customer approved disclosure to vendor\r\n2014-06-11 Vendor notified\r\n2014-06-15 Vendor disclosed vulnerability in their public bug tracker\r\n and addressed it in public source code repository\r\n2014-06-23 CVE number requested\r\n2014-06-25 CVE number assigned\r\n2014-06-26 Advisory released\r\n\r\n\r\nReferences\r\n==========\r\n\r\nhttp://bugs.python.org/issue21766\r\n\r\n\r\nRedTeam Pentesting GmbH\r\n=======================\r\n\r\nRedTeam Pentesting offers individual penetration tests, short pentests,\r\nperformed by a team of specialised IT-security experts. Hereby, security\r\nweaknesses in company networks or products are uncovered and can be\r\nfixed immediately.\r\n\r\nAs there are only few experts in this field, RedTeam Pentesting wants to\r\nshare its knowledge and enhance the public knowledge with research in\r\nsecurity related areas. The results are made available as public\r\nsecurity advisories.\r\n\r\nMore information about RedTeam Pentesting can be found at\r\nhttps://www.redteam-pentesting.de.\r\n\r\n\r\n-- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49 241 510081-99 52068 Aachen https://www.redteam-pentesting.de Germany Registergericht: Aachen HRB 14004 Geschaftsfuhrer: Patrick Hof, Jens Liebchen\r\n\r\n", "modified": "2014-10-15T00:00:00", "published": "2014-10-15T00:00:00", "id": "SECURITYVULNS:DOC:31253", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31253", "title": "[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "description": "_json information leak, CGIHTTPServer unauthroized files access and code execution, lz4 integer overflow.", "modified": "2014-07-14T00:00:00", "published": "2014-07-14T00:00:00", "id": "SECURITYVULNS:VULN:13867", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13867", "title": "python security vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:47", "bulletinFamily": "unix", "description": "It was reported that Python 2.7.8 fixes a potential wraparound in\nbuffer() with possible CWE-200 implications. This could allow an\nattacker to access private information through information leakage.\n\nPoC:\n\n--- overflow.py ---\nimport sys\na = bytearray('here be dragons')\nb = buffer(a, sys.maxsize, sys.maxsize)\nprint b[:8192]\n-------------------", "modified": "2014-09-26T00:00:00", "published": "2014-09-26T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html", "id": "ASA-201409-3", "title": "python2: Information leakage through integer overflow", "type": "archlinux", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:44:47", "bulletinFamily": "unix", "description": "- CVE-2013-1752 (denial of service)\nMultiple unbound readline() flaws in python stdlib were found, which can\nlead to excessive memory usage if a malicious or broken server sends\nexcessively long lines without any line breaks.\n\n- CVE-2013-1753 (denial of service)\nThe XMLRPC library is vulnerable to unrestricted decompression of HTTP\nresponses using gzip enconding. A malicious server can send a specially\nprepared HTTP request that can result in memory exhaustion.\n\n- CVE-2014-9365 (man-in-the-middle)\nWhen Python's standard library HTTP clients (httplib, urllib, urllib2,\nxmlrpclib) are used to access resources with HTTPS, by default the\ncertificate is not checked against any trust store, nor is the hostname\nin the certificate checked against the requested host. It was possible\nto configure a trust root to be checked against, however there were no\nfaculties for hostname checking. This made MITM attacks against the HTTP\nclients trivial, and violated RFC 2818.", "modified": "2014-12-15T00:00:00", "published": "2014-12-15T00:00:00", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html", "id": "ASA-201412-15", "title": "python2: multiple issues", "type": "archlinux", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:14:25", "bulletinFamily": "exploit", "description": "", "modified": "2014-06-27T00:00:00", "published": "2014-06-27T00:00:00", "href": "https://packetstormsecurity.com/files/127241/Python-CGIHTTPServer-File-Disclosure-Code-Execution.html", "id": "PACKETSTORM:127241", "type": "packetstorm", "title": "Python CGIHTTPServer File Disclosure / Code Execution", "sourceData": "`Advisory: Python CGIHTTPServer File Disclosure and Potential Code \nExecution \n \nThe CGIHTTPServer Python module does not properly handle URL-encoded \npath separators in URLs. This may enable attackers to disclose a CGI \nscript's source code or execute arbitrary CGI scripts in the server's \ndocument root. \n \nDetails \n======= \n \nProduct: Python CGIHTTPServer \nAffected Versions: \n2.7 - 2.7.7, \n3.2 - 3.2.4, \n3.3 - 3.3.2, \n3.4 - 3.4.1, \n3.5 pre-release \nFixed Versions: \n2.7 rev b4bab0788768, \n3.2 rev e47422855841, \n3.3 rev 5676797f3a3e, \n3.4 rev 847e288d6e93, \n3.5 rev f8b3bb5eb190 \nVulnerability Type: File Disclosure, Directory Traversal, Code Execution \nSecurity Risk: high \nVendor URL: https://docs.python.org/2/library/cgihttpserver.html \nVendor Status: fixed version released \nAdvisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2014-008 \nAdvisory Status: published \nCVE: CVE-2014-4650 \nCVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650 \n \n \nIntroduction \n============ \n \nThe CGIHTTPServer module defines a request-handler class, interface \ncompatible with BaseHTTPServer. BaseHTTPRequestHandler and inherits \nbehavior from SimpleHTTPServer. SimpleHTTPRequestHandler but can also \nrun CGI scripts. \n \n(from the Python documentation) \n \n \nMore Details \n============ \n \nThe CGIHTTPServer module can be used to set up a simple HTTP server with \nCGI scripts. A sample server script in Python may look like the \nfollowing: \n \n------------------------------------------------------------------------ \n#!/usr/bin/env python2 \n \nimport CGIHTTPServer \nimport BaseHTTPServer \n \nif __name__ == \"__main__\": \nserver = BaseHTTPServer.HTTPServer \nhandler = CGIHTTPServer.CGIHTTPRequestHandler \nserver_address = (\"\", 8000) \n# Note that only /cgi-bin will work: \nhandler.cgi_directories = [\"/cgi-bin\", \"/cgi-bin/subdir\"] \nhttpd = server(server_address, handler) \nhttpd.serve_forever() \n------------------------------------------------------------------------ \n \nThis server should execute any scripts located in the subdirectory \n\"cgi-bin\". A sample CGI script can be placed in that directory, for \nexample a script like the following: \n \n------------------------------------------------------------------------ \n#!/usr/bin/env python2 \nimport json \nimport sys \n \ndb_credentials = \"SECRET\" \nsys.stdout.write(\"Content-type: text/json\\r\\n\\r\\n\") \nsys.stdout.write(json.dumps({\"text\": \"This is a Test\"})) \n------------------------------------------------------------------------ \n \nThe Python library CGIHTTPServer.py implements the CGIHTTPRequestHandler \nclass which inherits from SimpleHTTPServer.SimpleHTTPRequestHandler: \n \nclass SimpleHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler): \n[...] \ndef do_GET(self): \n\"\"\"Serve a GET request.\"\"\" \nf = self.send_head() \nif f: \ntry: \nself.copyfile(f, self.wfile) \nfinally: \nf.close() \n \ndef do_HEAD(self): \n\"\"\"Serve a HEAD request.\"\"\" \nf = self.send_head() \nif f: \nf.close() \n \ndef translate_path(self, path): \n[...] \npath = posixpath.normpath(urllib.unquote(path)) \nwords = path.split('/') \nwords = filter(None, words) \npath = os.getcwd() \n[...] \n \nThe CGIHTTPRequestHandler class inherits, among others, the methods \ndo_GET() and do_HEAD() for handling HTTP GET and HTTP HEAD requests. The \nclass overrides send_head() and implements several new methods, such as \ndo_POST(), is_cgi() and run_cgi(): \n \nclass CGIHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): \n[...] \ndef do_POST(self): \n[...] \nif self.is_cgi(): \nself.run_cgi() \nelse: \nself.send_error(501, \"Can only POST to CGI scripts\") \n \ndef send_head(self): \n\"\"\"Version of send_head that support CGI scripts\"\"\" \nif self.is_cgi(): \nreturn self.run_cgi() \nelse: \nreturn SimpleHTTPServer.SimpleHTTPRequestHandler.send_head(self) \n \ndef is_cgi(self): \n[...] \ncollapsed_path = _url_collapse_path(self.path) \ndir_sep = collapsed_path.find('/', 1) \nhead, tail = collapsed_path[:dir_sep], collapsed_path[dir_sep+1:] \nif head in self.cgi_directories: \nself.cgi_info = head, tail \nreturn True \nreturn False \n[...] \ndef run_cgi(self): \n\"\"\"Execute a CGI script.\"\"\" \ndir, rest = self.cgi_info \n \n[...] \n \n# dissect the part after the directory name into a script name & \n# a possible additional path, to be stored in PATH_INFO. \ni = rest.find('/') \nif i >= 0: \nscript, rest = rest[:i], rest[i:] \nelse: \nscript, rest = rest, '' \n \nscriptname = dir + '/' + script \nscriptfile = self.translate_path(scriptname) \nif not os.path.exists(scriptfile): \nself.send_error(404, \"No such CGI script (%r)\" % scriptname) \nreturn \nif not os.path.isfile(scriptfile): \nself.send_error(403, \"CGI script is not a plain file (%r)\" % \nscriptname) \nreturn \n[...] \n[...] \n \nFor HTTP GET requests, do_GET() first invokes send_head(). That method \ncalls is_cgi() to determine whether the requested path is to be executed \nas a CGI script. The is_cgi() method uses _url_collapse_path() to \nnormalize the path, i.e. remove extraneous slashes (/),current directory \n(.), or parent directory (..) elements, taking care not to permit \ndirectory traversal below the document root. The is_cgi() function \nreturns True when the first path element is contained in the \ncgi_directories list. As _url_collaps_path() and is_cgi() never URL \ndecode the path, replacing the forward slash after the CGI directory in \nthe URL to a CGI script with the URL encoded variant %2f leads to \nis_cgi() returning False. This will make CGIHTTPRequestHandler's \nsend_head() then invoke its parent's send_head() method which translates \nthe URL path to a file system path using the translate_path() method and \nthen outputs the file's contents raw. As translate_path() URL decodes \nthe path, this then succeeds and discloses the CGI script's file \ncontents: \n \n$ curl http://localhost:8000/cgi-bin%2ftest.py \n#!/usr/bin/env python2 \nimport json \nimport sys \n \ndb_credentials = \"SECRET\" \nsys.stdout.write(\"Content-type: text/json\\r\\n\\r\\n\") \nsys.stdout.write(json.dumps({\"text\": \"This is a Test\"})) \n \nSimilarly, the CGIHTTPRequestHandler can be tricked into executing CGI \nscripts that would normally not be executable. The class normally only \nallows executing CGI scripts that are direct children of one of the \ndirectories listed in cgi_directories. Furthermore, only direct \nsubdirectories of the document root (the current working directory) can \nbe valid CGI directories. \n \nThis can be seen in the following example. Even though the sample server \nshown above includes \"/cgi-bin/subdir\" as part of the request handler's \ncgi_directories, a CGI script named test.py in that directory is not \nexecuted: \n \n$ curl http://localhost:8000/cgi-bin/subdir/test.py \n[...] \n<p>Error code 403. \n<p>Message: CGI script is not a plain file ('/cgi-bin/subdir'). \n[...] \n \nHere, is_cgi() set self.cgi_info to ('/cgi-bin', 'subdir/test.py') and \nreturned True. Next, run_cgi() further dissected these paths to perform \nsome sanity checks, thereby mistakenly assuming subdir to be the \nexecutable script's filename and test.py to be path info. As subdir is \nnot an executable file, run_cgi() returns an error message. However, if \nthe forward slash between subdir and test.py is replaced with %2f, \ninvoking the script succeeds: \n \n$ curl http://localhost:8000/cgi-bin/subdir%2ftest.py \n{\"text\": \"This is a Test\"} \n \nThis is because neither is_cgi() nor run_cgi() URL decode the path \nduring processing until run_cgi() tries to determine whether the target \nscript is an executable file. More specifically, as subdir%2ftest.py \ndoes not contain a forward slash, it is not split into the script name \nsubdir and path info test.py, as in the previous example. \n \nSimilarly, using URL encoded forward slashes, executables outside of a \nCGI directory can be executed: \n \n$ curl http://localhost:8000/cgi-bin/..%2ftraversed.py \n{\"text\": \"This is a Test\"} \n \n \nWorkaround \n========== \n \nSubclass CGIHTTPRequestHandler and override the is_cgi() method with a \nvariant that first URL decodes the supplied path, for example: \n \nclass FixedCGIHTTPRequestHandler(CGIHTTPServer.CGIHTTPRequestHandler): \ndef is_cgi(self): \nself.path = urllib.unquote(self.path) \nreturn CGIHTTPServer.CGIHTTPRequestHandler.is_cgi(self) \n \n \nFix \n=== \n \nUpdate to the latest Python version from the Mercurial repository at \nhttp://hg.python.org/cpython/ \n \n \nSecurity Risk \n============= \n \nThe vulnerability can be used to gain access to the contents of CGI \nbinaries or the source code of CGI scripts. This may reveal sensitve \ninformation, for example access credentials. This can greatly help \nattackers in mounting further attacks and is therefore considered to \npose a high risk. Furthermore attackers may be able to execute code that \nwas not intended to be executed. However, this is limited to files \nstored in the server's working directory or in its subdirectories. \n \nThe CGIHTTPServer code does contain this warning: \n\"SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL\" \nEven when used on a local computer this may allow other local users to \nexecute code in the context of another user. \n \n \nTimeline \n======== \n \n2014-04-07 Vulnerability identified \n2014-06-11 Customer approved disclosure to vendor \n2014-06-11 Vendor notified \n2014-06-15 Vendor disclosed vulnerability in their public bug tracker \nand addressed it in public source code repository \n2014-06-23 CVE number requested \n2014-06-25 CVE number assigned \n2014-06-26 Advisory released \n \n \nReferences \n========== \n \nhttp://bugs.python.org/issue21766 \n \n \nRedTeam Pentesting GmbH \n======================= \n \nRedTeam Pentesting offers individual penetration tests, short pentests, \nperformed by a team of specialised IT-security experts. Hereby, security \nweaknesses in company networks or products are uncovered and can be \nfixed immediately. \n \nAs there are only few experts in this field, RedTeam Pentesting wants to \nshare its knowledge and enhance the public knowledge with research in \nsecurity related areas. The results are made available as public \nsecurity advisories. \n \nMore information about RedTeam Pentesting can be found at \nhttps://www.redteam-pentesting.de. \n \n \n-- \nRedTeam Pentesting GmbH Tel.: +49 241 510081-0 \nDennewartstr. 25-27 Fax : +49 241 510081-99 \n52068 Aachen https://www.redteam-pentesting.de \nGermany Registergericht: Aachen HRB 14004 \nGesch\u00e4ftsf\u00fchrer: Patrick Hof, Jens Liebchen \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/127241/rt-sa-2014-008.txt"}], "seebug": [{"lastseen": "2017-11-19T17:37:21", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2013-1752\u3001CVE-2013-4238\r\n\r\nPython\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u811a\u672c\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nPython\u5b58\u5728\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u4f2a\u9020\u653b\u51fb\u548c\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\r\n1\uff0cPython SSL\u6a21\u5757\u6ca1\u6709\u6b63\u786e\u5904\u7406\u670d\u52a1\u5668SSL\u8bc1\u4e66\u4e2d\u7684"subjectAltNames"\u901a\u7528\u540d\u7684\u7a7a\u5b57\u8282\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u901a\u8fc7\u4e2d\u95f4\u4eba\u653b\u51fb\u8fdb\u884c\u670d\u52a1\u5668\u4f2a\u9020\u653b\u51fb\uff0c\u53ef\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\r\n2\uff0c\u4e0d\u53d7\u9650\u7684\u8c03\u7528Lib/httplib.py\u4e2d\u7684"readline()"\u53ef\u5bfc\u81f4\u6d88\u8017\u5927\u91cf\u5185\u5b58\u8d44\u6e90\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\r\n3\uff0c\u4e0d\u53d7\u9650\u7684\u8c03\u7528Lib/ftplib.py\u4e2d\u7684"readline()"\u53ef\u5bfc\u81f4\u6d88\u8017\u5927\u91cf\u5185\u5b58\u8d44\u6e90\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\r\n4\uff0c\u4e0d\u53d7\u9650\u7684\u8c03\u7528Lib/imaplib.py\u4e2d\u7684"readline()"\u53ef\u5bfc\u81f4\u6d88\u8017\u5927\u91cf\u5185\u5b58\u8d44\u6e90\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\r\n5\uff0c\u4e0d\u53d7\u9650\u7684\u8c03\u7528Lib/nntplib.py\u4e2d\u7684"readline()"\u53ef\u5bfc\u81f4\u6d88\u8017\u5927\u91cf\u5185\u5b58\u8d44\u6e90\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\r\n6\uff0c\u4e0d\u53d7\u9650\u7684\u8c03\u7528Lib/poplib.py\u4e2d\u7684"readline()"\u53ef\u5bfc\u81f4\u6d88\u8017\u5927\u91cf\u5185\u5b58\u8d44\u6e90\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\r\n7\uff0c\u4e0d\u53d7\u9650\u7684\u8c03\u7528Lib/smtplib.py\u4e2d\u7684"readline()"\u53ef\u5bfc\u81f4\u6d88\u8017\u5927\u91cf\u5185\u5b58\u8d44\u6e90\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\n0\nPython 2.6.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPython\r\n-----\r\nPython 2.6.9\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\n\r\nhttp://www.python.org", "modified": "2013-12-30T00:00:00", "published": "2013-12-30T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61235", "id": "SSV:61235", "type": "seebug", "title": "Python\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:48", "bulletinFamily": "unix", "description": "### Background\n\nPython is an interpreted, interactive, object-oriented programming language. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker may be able to execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Python 3.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-3.3.5-r1\"\n \n\nAll Python 2.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-2.7.9-r1\"", "modified": "2015-06-17T00:00:00", "published": "2015-03-18T00:00:00", "id": "GLSA-201503-10", "href": "https://security.gentoo.org/glsa/201503-10", "type": "gentoo", "title": "Python: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2019-05-30T07:37:29", "bulletinFamily": "unix", "description": "New python packages are available for Slackware 14.0, 14.1, 14.2, and -current\nto fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/python-2.7.16-i586-1_slack14.2.txz: Upgraded.\n Updated to the latest 2.7.x release, which fixes a few security issues.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/python-2.7.16-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/python-2.7.16-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/python-2.7.16-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/python-2.7.16-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/python-2.7.16-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/python-2.7.16-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python-2.7.16-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/python-2.7.16-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n5e98580251cc7845521d37e959e47c70 python-2.7.16-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nec38b3c824e1f86533ec75ade4fbccfc python-2.7.16-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n099c67e46e5683c13a473556557a574c python-2.7.16-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n31c815fd268b9c4cfe595277e9bcbb9f python-2.7.16-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nf797b633aef2d9bd0ed2e6e39287436b python-2.7.16-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\nb24ef94170c220bf8aed8401e2b57f74 python-2.7.16-x86_64-1_slack14.2.txz\n\nSlackware -current package:\ne92ffbf153e9bcc653500bef5edeed78 d/python-2.7.16-i586-1.txz\n\nSlackware x86_64 -current package:\n30c08469226ff6afd52f3f0df28340d5 d/python-2.7.16-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg python-2.7.16-i586-1_slack14.2.txz", "modified": "2019-03-03T14:46:15", "published": "2019-03-03T14:46:15", "id": "SSA-2019-062-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.428727", "title": "python", "type": "slackware", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
