Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2022 Tenable Network Security, Inc.MANDRIVA_MDVSA-2012-096.NASL
HistoryJun 21, 2012 - 12:00 a.m.

Mandriva Linux Security Advisory : python (MDVSA-2012:096)

2012-06-2100:00:00
This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.
www.tenable.com
23
JSON

Multiple vulnerabilities has been discovered and corrected in python :

The _ssl module would always disable the CBC IV attack countermeasure (CVE-2011-3389).

A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers) (CVE-2011-4940).

A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user’s .pypirc file, which can contain usernames and passwords for code repositories (CVE-2011-4944).

A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. A remote attacker could use this flaw to cause excessive CPU consumption on a server using SimpleXMLRPCServer (CVE-2012-0845).

Hash table collisions CPU usage DoS for the embedded copy of expat (CVE-2012-0876).

A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions (CVE-2012-1150).

The updated packages have been patched to correct these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2012:096. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(59635);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2011-3389",
    "CVE-2011-4940",
    "CVE-2011-4944",
    "CVE-2012-0845",
    "CVE-2012-0876",
    "CVE-2012-1150"
  );
  script_bugtraq_id(
    49778,
    51239,
    51996,
    52379,
    52732,
    54083
  );
  script_xref(name:"MDVSA", value:"2012:096");
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"Mandriva Linux Security Advisory : python (MDVSA-2012:096)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mandriva Linux host is missing one or more security
updates.");
  script_set_attribute(attribute:"description", value:
"Multiple vulnerabilities has been discovered and corrected in python :

The _ssl module would always disable the CBC IV attack countermeasure
(CVE-2011-3389).

A flaw was found in the way the Python SimpleHTTPServer module
generated directory listings. An attacker able to upload a file with a
specially crafted name to a server could possibly perform a cross-site
scripting (XSS) attack against victims visiting a listing page
generated by SimpleHTTPServer, for a directory containing the crafted
file (if the victims were using certain web browsers) (CVE-2011-4940).

A race condition was found in the way the Python distutils module set
file permissions during the creation of the .pypirc file. If a local
user had access to the home directory of another user who is running
distutils, they could use this flaw to gain access to that user's
.pypirc file, which can contain usernames and passwords for code
repositories (CVE-2011-4944).

A flaw was found in the way the Python SimpleXMLRPCServer module
handled clients disconnecting prematurely. A remote attacker could use
this flaw to cause excessive CPU consumption on a server using
SimpleXMLRPCServer (CVE-2012-0845).

Hash table collisions CPU usage DoS for the embedded copy of expat
(CVE-2012-0876).

A denial of service flaw was found in the implementation of
associative arrays (dictionaries) in Python. An attacker able to
supply a large number of inputs to a Python application (such as HTTP
POST request parameters sent to a web application) that are used as
keys when inserting data into an array could trigger multiple hash
function collisions, making array operations take an excessive amount
of CPU time. To mitigate this issue, randomization has been added to
the hash function to reduce the chance of an attacker successfully
causing intentional collisions (CVE-2012-1150).

The updated packages have been patched to correct these issues.");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python2.6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python2.6-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpython2.6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libpython2.6-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter-apps");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Mandriva Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2022 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64python2.6-2.6.5-2.5mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64python2.6-devel-2.6.5-2.5mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libpython2.6-2.6.5-2.5mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libpython2.6-devel-2.6.5-2.5mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"python-2.6.5-2.5mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"python-docs-2.6.5-2.5mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"tkinter-2.6.5-2.5mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"tkinter-apps-2.6.5-2.5mdv2010.2", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64python2.6p-cpe:/a:mandriva:linux:lib64python2.6
mandrivalinuxlib64python2.6-develp-cpe:/a:mandriva:linux:lib64python2.6-devel
mandrivalinuxlibpython2.6p-cpe:/a:mandriva:linux:libpython2.6
mandrivalinuxlibpython2.6-develp-cpe:/a:mandriva:linux:libpython2.6-devel
mandrivalinuxpythonp-cpe:/a:mandriva:linux:python
mandrivalinuxpython-docsp-cpe:/a:mandriva:linux:python-docs
mandrivalinuxtkinterp-cpe:/a:mandriva:linux:tkinter
mandrivalinuxtkinter-appsp-cpe:/a:mandriva:linux:tkinter-apps
mandrivalinux2010.1cpe:/o:mandriva:linux:2010.1

Related

openvas 82
securityvulns 3
oraclelinux 2
nessus 43
veracode 5
amazon 2
redhat 2
centos 2
f5 1
ubuntu 6
fedora 17
osv 1
debian 1
vmware 1
prion 4
debiancve 4
jvn 1
seebug 4
cve 5
ubuntucve 4
ibm 5
freebsd 1
checkpoint_advisories 1
checkpoint_security 1
cert 1
openvas
openvas
Mandriva Update for python MDVSA-2012:096 (python)
2012-06-22 00:00:00
Mandriva Update for python MDVSA-2012:096 (python)
2012-06-22 00:00:00
Mandriva Update for python MDVSA-2012:097 (python)
2012-06-22 00:00:00
securityvulns
securityvulns
[ MDVSA-2012:096-1 ] python
2012-07-09 00:00:00
python multiple security vulnerabilities
2012-07-29 00:00:00
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
2014-05-05 00:00:00
oraclelinux
oraclelinux
python security update
2012-06-18 00:00:00
python security update
2012-06-18 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : python (MDVSA-2012:097)
2012-09-06 00:00:00
Amazon Linux AMI : python26 (ALAS-2012-98)
2013-09-04 00:00:00
CentOS 6 : python (CESA-2012:0744)
2012-06-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:41:53
Information Disclosure
2019-05-02 04:41:53
Cross-site Scripting (XSS)
2019-01-15 08:52:09
amazon
amazon
Low: python26
2012-07-05 16:16:00
Medium: python27
2012-05-21 16:52:00
redhat
redhat
(RHSA-2012:0744) Moderate: python security update
2012-06-18 00:00:00
(RHSA-2012:0745) Moderate: python security update
2012-06-18 00:00:00
centos
centos
python, tkinter security update
2012-06-18 16:35:36
python, tkinter security update
2012-06-18 13:11:45
f5
f5
K75910138 : Python vulnerabilities CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, and CVE-2012-1150
2018-09-11 00:00:00
ubuntu
ubuntu
Python 2.7 vulnerabilities
2012-10-02 00:00:00
Python 3.2 vulnerabilities
2012-10-23 00:00:00
Python 2.6 vulnerabilities
2012-10-04 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: python-docs-2.7.3-1.fc16
2012-05-06 01:26:43
[SECURITY] Fedora 17 Update: python-docs-2.7.3-1.fc17
2012-05-02 04:50:10
[SECURITY] Fedora 17 Update: python3-3.2.3-5.fc17
2012-05-07 04:17:07
osv
osv
python2.6 - security update
2014-07-31 00:00:00
debian
debian
[DLA 25-1] python2.6 security update
2014-07-31 21:07:32
vmware
vmware
VMware security updates for vSphere API and ESX Service Console
2012-11-15 00:00:00
prion
prion
Cross site scripting
2012-06-27 10:18:00
Race condition
2012-08-27 23:55:00
Code injection
2012-10-05 21:55:00
debiancve
debiancve
CVE-2011-4940
2012-06-27 10:18:00
CVE-2011-4944
2012-08-27 23:55:00
CVE-2012-1150
2012-10-05 21:55:00
jvn
jvn
JVN#51176027: Python SimpleHTTPServer vulnerable to cross-site scripting
2012-06-19 00:00:00
seebug
seebug
Python SimpleHTTPServer 'list_directory()'函数跨站脚本漏洞
2012-06-23 00:00:00
python 'distutils' Component '~/.pypirc'本地竞争条件漏洞
2012-03-29 00:00:00
Python哈希冲突拒绝服务漏洞(CVE-2012-1150)
2012-10-10 00:00:00
cve
cve
CVE-2011-4940
2012-06-27 10:18:00
CVE-2011-4944
2012-08-27 23:55:00
CVE-2012-1150
2012-10-05 21:55:00
ubuntucve
ubuntucve
CVE-2011-4944
2012-08-27 00:00:00
CVE-2012-1150
2012-03-09 00:00:00
CVE-2012-0876
2012-07-03 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in python 2.6.4 used in OS Image for AIX shipped with IBM Cloud Pak System
2020-05-06 11:57:04
Security Bulletin: BEAST security vulnerability in IBM Tivoli Netcool Performance Manager for Wireline( CVE-2011-3389)
2020-08-25 12:33:00
Security Bulletin: Vulnerability in Transport Layer Security Protocol Used in IBM System Networking Ethernet Switches (CVE-2011-3389)
2023-04-14 14:32:25
freebsd
freebsd
Python -- DoS via malformed XML-RPC / HTTP POST request
2012-02-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Web Servers SSL Flooding Denial of Service (CVE-2011-3389)
2011-11-06 00:00:00
checkpoint_security
checkpoint_security
Check Point response to CVE-2011-3389 aka BEAST attack
2012-10-15 22:00:00
cert
cert
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
2011-09-27 00:00:00
JSON
Related for MANDRIVA_MDVSA-2012-096.NASL
openvas82securityvulns3oraclelinux2nessus43veracode5amazon2redhat2centos2f51ubuntu6fedora17osv1debian1vmware1prion4debiancve4jvn1seebug4cve5ubuntucve4ibm5freebsd1checkpoint_advisories1checkpoint_security1cert1