Debian DSA-458-3 : python2.2 - buffer overflow

2004-09-2900:00:00

www.tenable.com

JSON

This security advisory corrects DSA 458-2 which caused a problem in the gethostbyaddr routine.

The original advisory said :

Sebastian Schmidt discovered a buffer overflow bug in Python’s getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack.

This bug only exists in python 2.2 and 2.2.1, and only when IPv6 support is disabled. The python2.2 package in Debian woody meets these conditions (the ‘python’ package does not).

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-458. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(15295);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2004-0150");
  script_bugtraq_id(9836);
  script_xref(name:"DSA", value:"458");

  script_name(english:"Debian DSA-458-3 : python2.2 - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This security advisory corrects DSA 458-2 which caused a problem in
the gethostbyaddr routine.

The original advisory said :

  Sebastian Schmidt discovered a buffer overflow bug in Python's
  getaddrinfo function, which could allow an IPv6 address, supplied by
  a remote attacker via DNS, to overwrite memory on the stack.

  This bug only exists in python 2.2 and 2.2.1, and only when IPv6
  support is disabled. The python2.2 package in Debian woody meets
  these conditions (the 'python' package does not)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248946"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=269548"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2004/dsa-458"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"For the stable distribution (woody), this bug has been fixed in
version 2.2.1-4.6.

The testing and unstable distribution (sarge and sid) are not affected
by this problem.

We recommend that you update your python2.2 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/10/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"idle-python2.2", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-dev", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-doc", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-elisp", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-examples", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-gdbm", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-mpz", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-tk", reference:"2.2.1-4.6")) flag++;
if (deb_check(release:"3.0", prefix:"python2.2-xmlbase", reference:"2.2.1-4.6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxpython2.2p-cpe:/a:debian:debian_linux:python2.2
debiandebian_linux3.0cpe:/o:debian:debian_linux:3.0

Vendor	Product	Version	CPE
debian	debian_linux	python2.2	p-cpe:/a:debian:debian_linux:python2.2
debian	debian_linux	3.0	cpe:/o:debian:debian_linux:3.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=248946

bugs.debian.org/cgi-bin/bugreport.cgi?bug=269548

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0150

www.debian.org/security/2004/dsa-458

JSON

Related for DEBIAN_DSA-458.NASL