Debian DSA-458-3 : python2.2 - buffer overflow

2004-09-29T00:00:00
ID DEBIAN_DSA-458.NASL
Type nessus
Reporter Tenable
Modified 2018-07-20T00:00:00

Description

This security advisory corrects DSA 458-2 which caused a problem in the gethostbyaddr routine.

The original advisory said :

Sebastian Schmidt discovered a buffer overflow bug in Python's getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack.

This bug only exists in python 2.2 and 2.2.1, and only when IPv6 support is disabled. The python2.2 package in Debian woody meets these conditions (the 'python' package does not).

                                        
                                            #%NASL_MIN_LEVEL 70103

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-458. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15295);
  script_version("1.18");
  script_cvs_date("Date: 2018/07/20  2:17:11");

  script_cve_id("CVE-2004-0150");
  script_bugtraq_id(9836);
  script_xref(name:"DSA", value:"458");

  script_name(english:"Debian DSA-458-3 : python2.2 - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This security advisory corrects DSA 458-2 which caused a problem in
the gethostbyaddr routine.

The original advisory said :

  Sebastian Schmidt discovered a buffer overflow bug in Python's
  getaddrinfo function, which could allow an IPv6 address, supplied by
  a remote attacker via DNS, to overwrite memory on the stack.

  This bug only exists in python 2.2 and 2.2.1, and only when IPv6
  support is disabled. The python2.2 package in Debian woody meets
  these conditions (the 'python' package does not)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248946"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=269548"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2004/dsa-458"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"For the stable distribution (woody), this bug has been fixed in
version 2.2.1-4.6.

The testing and unstable distribution (sarge and sid) are not affected
by this problem.

We recommend that you update your python2.2 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/10/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"idle-python2.2", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-dev", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-doc", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-elisp", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-examples", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-gdbm", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-mpz", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-tk", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-xmlbase", reference:"2.2.1-4.6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");