EulerOS Virtualization 2.5.3 python vulnerabilities
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
Fedora | [SECURITY] Fedora 27 Update: python3-3.6.5-1.fc27 | 9 Apr 2018 19:10 | – | fedora |
Fedora | [SECURITY] Fedora 27 Update: python-pip-9.0.3-1.fc27 | 9 Apr 2018 19:10 | – | fedora |
Fedora | [SECURITY] Fedora 26 Update: python3-docs-3.6.5-1.fc26 | 9 Apr 2018 18:36 | – | fedora |
Fedora | [SECURITY] Fedora 27 Update: python3-docs-3.6.5-1.fc27 | 9 Apr 2018 19:10 | – | fedora |
Fedora | [SECURITY] Fedora 26 Update: python3-3.6.5-1.fc26 | 9 Apr 2018 18:36 | – | fedora |
Fedora | [SECURITY] Fedora 28 Update: python3-3.6.5-1.fc28 | 6 Apr 2018 11:10 | – | fedora |
Fedora | [SECURITY] Fedora 28 Update: python34-3.4.9-2.fc28 | 16 Aug 2018 08:08 | – | fedora |
Fedora | [SECURITY] Fedora 26 Update: python-pip-9.0.3-1.fc26 | 9 Apr 2018 18:36 | – | fedora |
Fedora | [SECURITY] Fedora 27 Update: python34-3.4.9-2.fc27 | 16 Aug 2018 07:24 | – | fedora |
Fedora | [SECURITY] Fedora 30 Update: python35-3.5.7-1.fc30 | 29 Mar 2019 19:39 | – | fedora |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
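if (description)
{
  # Registration block: when the engine loads the plugin with `description`
  # set, only this metadata is recorded and the script stops at exit(0)
  # below, so none of the host checks further down run in that mode.
  script_id(123714);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");

  # Both CVEs are regular-expression denial-of-service issues in the Python
  # standard library.
  script_cve_id("CVE-2018-1060", "CVE-2018-1061");
  script_name(english:"EulerOS Virtualization 2.5.3 : python (EulerOS-SA-2019-1246)");
  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");

  # The advisory text is reproduced as extracted. It names "pop3lib"; the
  # standard-library module that provides apop() is called poplib.
  # The CVE references were wrapped in full-width parentheses that had been
  # mis-decoded into "i1/4^" / "i1/4%0"; they are restored as ASCII
  # parentheses so the report text stays readable and searchable.
  script_set_attribute(attribute:"description", value:
"According to the versions of the python packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities :
- A flaw was found in the way catastrophic backtracking
was implemented in python's pop3lib's apop() method. An
attacker could use this flaw to cause denial of
service.(CVE-2018-1060)
- A flaw was found in the way catastrophic backtracking
was implemented in python's difflib.IS_LINE_JUNK
method. An attacker could use this flaw to cause denial
of service.(CVE-2018-1061)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");

  # The see_also value is a shortened link; the comment below records the
  # vendor advisory URL it stands for.
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1246
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d5050d11");
  script_set_attribute(attribute:"solution", value:
"Update the affected python packages.");

  # Scoring: network-reachable, no authentication or privileges required,
  # availability impact only (A:P in CVSS2, A:H in CVSS3); confidentiality
  # and integrity are rated None. The score is taken from CVE-2018-1061.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1061");

  # Temporal data: proof-of-concept exploit code is recorded as available
  # (E:POC / E:P) and an official fix exists (RL:OF / RL:O).
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/04");

  # "local" plugin type: the result comes from the package inventory of the
  # host, not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # One CPE per package covered by the check, plus the platform CPE.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tkinter");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The plugin depends on ssh_get_info.nasl and on the knowledge-base keys
  # listed here; without authenticated local checks and a collected RPM
  # list it cannot produce a verdict for the host.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
  exit(0);
}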
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# ---- Preconditions ---------------------------------------------------------
# Each gate below ends the run through audit() when the host is out of scope.
# An audit result means "not evaluated" or "not applicable"; it is not a
# statement that the host is patched.

# Authenticated local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The recorded release string has to exist and start with "EulerOS".
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS")
{
  audit(AUDIT_OS_NOT, "EulerOS");
}

# Only the 2.5.3 virtualization platform is covered; any other value,
# including a missing one, is audited out.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.5.3")
{
  audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.3");
}

# The verdict is derived from the collected RPM inventory, so it must exist.
if (!get_kb_item("Host/EulerOS/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}

# Architecture gates. The first accepts x86_64, i386-i686 and aarch64; the
# second then rejects everything except x86_64 and i386-i686. The net effect
# is that aarch64 hosts are never evaluated by this plugin and leave with an
# "architecture not supported" audit.
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$" || "aarch64" >< cpu))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
}
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
{
  audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
}

# ---- Package comparison ----------------------------------------------------
# Package builds used as the reference for each package in the advisory.
# rpm_check() comes from rpm.inc; it is expected to return true when the
# installed package is older than the reference (confirm against rpm.inc).
fixed_builds = ["python-2.7.5-58.h10",
"python-devel-2.7.5-58.h10",
"python-libs-2.7.5-58.h10",
"python-tools-2.7.5-58.h10",
"tkinter-2.7.5-58.h10"];

# Every reference is checked, with no early exit, so the report lists all
# outdated packages rather than only the first one found.
outdated = 0;
foreach (fixed in fixed_builds)
{
  if (rpm_check(release:"EulerOS-2.0", reference:fixed))
  {
    outdated++;
  }
}

# ---- Result ----------------------------------------------------------------
if (outdated > 0)
{
  # At least one package is behind the fixed build: report at warning
  # severity with the per-package details collected by rpm.inc.
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : rpm_report_get()
  );
  exit(0);
}

# Nothing was flagged. Distinguish "packages present and not affected" from
# "python is not installed at all".
checked = pkg_tests_get();
if (checked)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
}