Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2023-1709.NASL
HistoryMay 07, 2023 - 12:00 a.m.

EulerOS Virtualization 3.0.2.0 : python (EulerOS-SA-2023-1709)

2023-05-0700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  • In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 (CVE-2015-20107)

  • A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. (CVE-2021-4189)

  • A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like ‘\r’ and ‘\n’ in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. (CVE-2022-0391)

  • An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname.
    For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. (CVE-2022-45061)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(175183);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/07");

  script_cve_id(
    "CVE-2015-20107",
    "CVE-2021-4189",
    "CVE-2022-0391",
    "CVE-2022-45061"
  );

  script_name(english:"EulerOS Virtualization 3.0.2.0 : python (EulerOS-SA-2023-1709)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :

  - In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands
    discovered in the system mailcap file. This may allow attackers to inject shell commands into applications
    that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or
    arguments). The fix is also back-ported to 3.7, 3.8, 3.9 (CVE-2015-20107)

  - A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV
    (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This
    flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back
    to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which
    otherwise would not have been possible. (CVE-2021-4189)

  - A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform
    Resource Locator (URL) strings into components. The issue involves how the urlparse method does not
    sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to
    input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1,
    3.9.5, 3.8.11, 3.7.11 and 3.6.14. (CVE-2022-0391)

  - An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path
    when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name
    being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by
    remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger
    excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname.
    For example, the attack payload could be placed in the Location header of an HTTP response with status
    code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. (CVE-2022-45061)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1709
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?839db484");
  script_set_attribute(attribute:"solution", value:
"Update the affected python packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:C/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-20107");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "python-2.7.5-69.h42",
  "python-devel-2.7.5-69.h42",
  "python-libs-2.7.5-69.h42",
  "python-tools-2.7.5-69.h42"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
}
VendorProductVersionCPE
huaweieulerospythonp-cpe:/a:huawei:euleros:python
huaweieulerospython-develp-cpe:/a:huawei:euleros:python-devel
huaweieulerospython-libsp-cpe:/a:huawei:euleros:python-libs
huaweieulerospython-toolsp-cpe:/a:huawei:euleros:python-tools
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.2.0

Related

openvas 65
mageia 1
almalinux 3
nessus 62
oraclelinux 4
redhat 5
osv 12
redos 2
fedora 17
ubuntu 4
photon 2
cloudfoundry 2
suse 5
debian 1
debiancve 1
cbl_mariner 3
ibm 2
rocky 3
veracode 1
alpinelinux 1
prion 1
ubuntucve 1
cve 1
openvas
openvas
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2023-1709)
2023-05-08 00:00:00
Mageia: Security Advisory (MGASA-2022-0367)
2022-10-14 00:00:00
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2022-1581)
2022-04-25 00:00:00
mageia
mageia
Updated python packages fix security vulnerability
2022-10-13 23:05:19
almalinux
almalinux
Moderate: python3 security update
2022-09-13 00:00:00
Moderate: python39:3.9 and python39-devel:3.9 security update
2022-11-08 00:00:00
Moderate: python38:3.8 and python38-devel:3.8 security update
2022-11-08 00:00:00
nessus
nessus
AlmaLinux 8 : python3 (ALSA-2022:6457)
2022-10-08 00:00:00
Oracle Linux 8 : python3 (ELSA-2022-6457)
2022-09-13 00:00:00
RHEL 8 : python3 (RHSA-2022:6457)
2022-09-13 00:00:00
oraclelinux
oraclelinux
python3 security update
2022-09-14 00:00:00
python39:3.9 and python39-devel:3.9 security update
2022-11-15 00:00:00
python38:3.8 and python38-devel:3.8 security update
2022-11-15 00:00:00
redhat
redhat
(RHSA-2022:6457) Moderate: python3 security update
2022-09-13 07:37:08
(RHSA-2022:1663) Moderate: python27-python and python27-python-pip security update
2022-05-02 07:48:36
(RHSA-2022:7592) Moderate: python39:3.9 and python39-devel:3.9 security update
2022-11-08 06:23:46
osv
osv
Moderate: python3 security update
2022-09-13 00:00:00
python2.7 vulnerabilities
2022-08-24 08:56:59
python2.7, python3.4, python3.5, python3.6, python3.8 vulnerabilities
2022-03-28 09:39:26
redos
redos
ROS-20220407-03
2022-04-07 00:00:00
ROS-20230915-15
2023-09-15 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: python2.7-2.7.18-20.fc34
2022-02-24 23:27:18
[SECURITY] Fedora 35 Update: python2.7-2.7.18-20.fc35
2022-02-24 23:09:24
[SECURITY] Fedora 36 Update: python3.9-3.9.13-2.fc36
2022-06-19 00:38:30
ubuntu
ubuntu
Python vulnerabilities
2022-08-24 00:00:00
Python vulnerability
2022-05-23 00:00:00
Python vulnerabilities
2022-03-28 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0463
2022-10-05 00:00:00
Critical Photon OS Security Update - PHSA-2022-0213
2022-07-15 00:00:00
cloudfoundry
cloudfoundry
USN-5342-1: Python vulnerabilities | Cloud Foundry
2022-05-23 00:00:00
USN-5519-1: Python vulnerability | Cloud Foundry
2022-08-26 00:00:00
suse
suse
Security update for python (moderate)
2022-04-01 00:00:00
Security update for python3 (important)
2022-07-12 00:00:00
Security update for python310 (important)
2022-07-06 00:00:00
debian
debian
[SECURITY] [DLA 3477-1] python3.7 security update
2023-06-30 20:52:04
debiancve
debiancve
CVE-2015-20107
2022-04-13 16:15:00
cbl_mariner
cbl_mariner
CVE-2015-20107 affecting package python3 3.7.13-3
2022-10-13 00:40:13
CVE-2015-20107 affecting package python3 3.9.13-3
2022-09-16 06:05:37
CVE-2015-20107 affecting package python2 2.7.18-10
2022-10-13 00:40:13
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution due to CVE-2015-20107
2022-12-01 16:39:02
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary commands execution in Python (CVE-2015-20107)
2023-04-06 19:12:16
rocky
rocky
python27:2.7 security update
2022-11-08 06:23:47
python39:3.9 and python39-devel:3.9 security update
2022-11-08 06:23:46
python38:3.8 and python38-devel:3.8 security update
2022-11-08 06:23:36
veracode
veracode
Command Injection
2022-07-15 16:59:03
alpinelinux
alpinelinux
CVE-2015-20107
2022-04-13 16:15:00
prion
prion
Input validation
2022-04-13 16:15:00
ubuntucve
ubuntucve
CVE-2015-20107
2022-04-13 00:00:00
cve
cve
CVE-2015-20107
2022-04-13 16:15:00
JSON
Related for EULEROS_SA-2023-1709.NASL
openvas65mageia1almalinux3nessus62oraclelinux4redhat5osv12redos2fedora17ubuntu4photon2cloudfoundry2suse5debian1debiancve1cbl_mariner3ibm2rocky3veracode1alpinelinux1prion1ubuntucve1cve1