Fedora 11 : python-paste-1.7.4-1.fc11 (2010-10400)

2010-07-01T00:00:00
ID FEDORA_2010-10400.NASL
Type nessus
Reporter Tenable
Modified 2018-07-12T00:00:00

Description

1.7.4 * The only real change is to paste.httpexceptions, which was using insecure quoting of some parameters and allowed an XSS hole, most specifically with its 404 messages. The most notably WSGI application using this is paste.urlparse.StaticURLParser and PkgResourcesParser. By directing someone to an appropriately formed URL an attacker can execute arbitrary JavaScript on the victim's client. paste.urlmap.URLMap is also affected, but only if you have no application attached to /. Other applications using paste.httpexceptions may be effected (especially HTTPNotFound). WebOb/webob.exc.HTTPNotFound is not affected. 1.7.3 * Fix paste.httpserver on Python 2.6. * Fix paste.auth.cookie, which would insert newlines for long cookies. * paste.util.mimeparse parses a single * in Accept headers (sent by IE 6). * Fix some problems with the wdg_validate middleware.

  • Improvements to paste.auth.auth_tkt: add httponly support, don't always aggressively set cookies without the wildcard_cookie option. Also on logout, make cookies expire. * In paste.proxy.Proxy handle Content-Length of -1. * In paste.httpexceptions avoid some unicode errors.

    • In paste.httpserver handle .read() from 100 Continue properly (because of a typo it was doing a readline).
  • Update paste.util.mimeparse from upstream. http://pythonpaste.org/news.html

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2010-10400.
#

include("compat.inc");

if (description)
{
  script_id(47228);
  script_version("1.9");
  script_cvs_date("Date: 2018/07/12 15:01:51");

  script_xref(name:"FEDORA", value:"2010-10400");

  script_name(english:"Fedora 11 : python-paste-1.7.4-1.fc11 (2010-10400)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"***1.7.4*** * The only real change is to paste.httpexceptions, which
was using insecure quoting of some parameters and allowed an XSS hole,
most specifically with its 404 messages. The most notably WSGI
application using this is paste.urlparse.StaticURLParser and
PkgResourcesParser. By directing someone to an appropriately formed
URL an attacker can execute arbitrary JavaScript on the victim's
client. paste.urlmap.URLMap is also affected, but only if you have no
application attached to /. Other applications using
paste.httpexceptions may be effected (especially HTTPNotFound).
WebOb/webob.exc.HTTPNotFound is not affected. ***1.7.3*** * Fix
paste.httpserver on Python 2.6. * Fix paste.auth.cookie, which would
insert newlines for long cookies. * paste.util.mimeparse parses a
single * in Accept headers (sent by IE 6). * Fix some problems with
the wdg_validate middleware.

  - Improvements to paste.auth.auth_tkt: add httponly
    support, don't always aggressively set cookies without
    the wildcard_cookie option. Also on logout, make cookies
    expire. * In paste.proxy.Proxy handle Content-Length of
    -1. * In paste.httpexceptions avoid some unicode errors.
    * In paste.httpserver handle .read() from 100 Continue
    properly (because of a typo it was doing a readline).

  - Update paste.util.mimeparse from upstream.
    http://pythonpaste.org/news.html

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://pythonpaste.org/news.html"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-June/043453.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8809be99"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected python-paste package."
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python-paste");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/06/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC11", reference:"python-paste-1.7.4-1.fc11")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-paste");
}