Mandriva Linux Security Advisory : python (MDVSA-2014:135)
2014-07-11T00:00:00
ID MANDRIVA_MDVSA-2014-135.NASL Type nessus Reporter Tenable Modified 2018-07-19T00:00:00
Description
Updated python and python-simplejson package fixes security vulnerability
Python are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616).
This issue also affected the python-simplejson package, which has been patched to fix the bug.
#%NASL_MIN_LEVEL 70103
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2014:135.
# The text itself is copyright (C) Mandriva S.A.
#
include("compat.inc");
if (description)
{
script_id(76471);
script_version("1.3");
script_cvs_date("Date: 2018/07/19 20:59:18");
script_cve_id("CVE-2014-4616");
script_bugtraq_id(68119);
script_xref(name:"MDVSA", value:"2014:135");
script_name(english:"Mandriva Linux Security Advisory : python (MDVSA-2014:135)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated python and python-simplejson package fixes security
vulnerability
Python are susceptible to arbitrary process memory reading by a user
or adversary due to a bug in the _json module caused by insufficient
bounds checking. The bug is caused by allowing the user to supply a
negative value that is used an an array index, causing the scanstring
function to access process memory outside of the string it is intended
to access (CVE-2014-4616).
This issue also affected the python-simplejson package, which has been
patched to fix the bug."
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2014-0285.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2014-0286.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python2.7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-simplejson");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter-apps");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
script_set_attribute(attribute:"patch_publication_date", value:"2014/07/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/11");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64python-devel-2.7.3-4.7.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64python2.7-2.7.3-4.7.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-2.7.3-4.7.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"python-docs-2.7.3-4.7.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-simplejson-2.3.3-2.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tkinter-2.7.3-4.7.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tkinter-apps-2.7.3-4.7.mbs1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "MANDRIVA_MDVSA-2014-135.NASL", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : python (MDVSA-2014:135)", "description": "Updated python and python-simplejson package fixes security vulnerability\n\nPython are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616).\n\nThis issue also affected the python-simplejson package, which has been patched to fix the bug.", "published": "2014-07-11T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76471", "reporter": "Tenable", "references": ["http://advisories.mageia.org/MGASA-2014-0286.html", "http://advisories.mageia.org/MGASA-2014-0285.html"], "cvelist": ["CVE-2014-4616"], "type": "nessus", "lastseen": "2018-08-02T08:25:55", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:mandriva:linux:tkinter", "p-cpe:/a:mandriva:linux:lib64python2.7", "cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:tkinter-apps", "p-cpe:/a:mandriva:linux:python-docs", "p-cpe:/a:mandriva:linux:python", "p-cpe:/a:mandriva:linux:python-simplejson", "p-cpe:/a:mandriva:linux:lib64python-devel"], "cvelist": ["CVE-2014-4616"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Updated python and python-simplejson package fixes security vulnerability\n\nPython are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616).\n\nThis issue also affected the python-simplejson package, which has been patched to fix the bug.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "48a44a48eac163a7603ae3482a11d04062d9ddcfe738f17d220d626023855570", "hashmap": [{"hash": "56ffce673e1b00dfae4d8849341676af", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "30ffc09d41ccc58328ac69ec5a0a1aa9", "key": "title"}, {"hash": "b76a54e5dd47ce4a39091b492c73cbd7", "key": "cpe"}, {"hash": "24333885b24002d3040eba5a9a3aec15", "key": "href"}, {"hash": "60bd7baea9e12f42c1b9e1b1f802446b", "key": "description"}, {"hash": "06e40a920c8c543cb833d79281d986af", "key": "published"}, {"hash": "7ba8a8aafd8c4f18f6b72535ecd38093", "key": "references"}, {"hash": "11f77624342c1d306e42f33a43f1ce21", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "70d1b68c8953bd4519b5d61ae9b659b5", "key": "cvelist"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "24aa8d8312bf6c01c56afcfeab7812c7", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76471", "id": "MANDRIVA_MDVSA-2014-135.NASL", "lastseen": "2017-10-29T13:45:09", "modified": "2015-01-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "76471", "published": "2014-07-11T00:00:00", "references": ["http://advisories.mageia.org/MGASA-2014-0286.html", "http://advisories.mageia.org/MGASA-2014-0285.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:135. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76471);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/01/19 15:01:01 $\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"MDVSA\", value:\"2014:135\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python (MDVSA-2014:135)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python and python-simplejson package fixes security\nvulnerability\n\nPython are susceptible to arbitrary process memory reading by a user\nor adversary due to a bug in the _json module caused by insufficient\nbounds checking. The bug is caused by allowing the user to supply a\nnegative value that is used an an array index, causing the scanstring\nfunction to access process memory outside of the string it is intended\nto access (CVE-2014-4616).\n\nThis issue also affected the python-simplejson package, which has been\npatched to fix the bug.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0286.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-simplejson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter-apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64python-devel-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64python2.7-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"python-docs-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-simplejson-2.3.3-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tkinter-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tkinter-apps-2.7.3-4.7.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : python (MDVSA-2014:135)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-29T13:45:09"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2014-4616"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Updated python and python-simplejson package fixes security vulnerability\n\nPython are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616).\n\nThis issue also affected the python-simplejson package, which has been patched to fix the bug.", "edition": 2, "enchantments": {}, "hash": "52be39263c07ffe74b703c04e5f4a7ba98eb0fdef1c7a1ea6f5309a5a2a137ca", "hashmap": [{"hash": "56ffce673e1b00dfae4d8849341676af", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3c236091754d2db00c1c42f811b3ada4", "key": "cvss"}, {"hash": "30ffc09d41ccc58328ac69ec5a0a1aa9", "key": "title"}, {"hash": "24333885b24002d3040eba5a9a3aec15", "key": "href"}, {"hash": "60bd7baea9e12f42c1b9e1b1f802446b", "key": "description"}, {"hash": "06e40a920c8c543cb833d79281d986af", "key": "published"}, {"hash": "7ba8a8aafd8c4f18f6b72535ecd38093", "key": "references"}, {"hash": "11f77624342c1d306e42f33a43f1ce21", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "70d1b68c8953bd4519b5d61ae9b659b5", "key": "cvelist"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "24aa8d8312bf6c01c56afcfeab7812c7", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76471", "id": "MANDRIVA_MDVSA-2014-135.NASL", "lastseen": "2017-09-08T10:43:41", "modified": "2015-01-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "76471", "published": "2014-07-11T00:00:00", "references": ["http://advisories.mageia.org/MGASA-2014-0286.html", "http://advisories.mageia.org/MGASA-2014-0285.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:135. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76471);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/01/19 15:01:01 $\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"MDVSA\", value:\"2014:135\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python (MDVSA-2014:135)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python and python-simplejson package fixes security\nvulnerability\n\nPython are susceptible to arbitrary process memory reading by a user\nor adversary due to a bug in the _json module caused by insufficient\nbounds checking. The bug is caused by allowing the user to supply a\nnegative value that is used an an array index, causing the scanstring\nfunction to access process memory outside of the string it is intended\nto access (CVE-2014-4616).\n\nThis issue also affected the python-simplejson package, which has been\npatched to fix the bug.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0286.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-simplejson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter-apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64python-devel-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64python2.7-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"python-docs-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-simplejson-2.3.3-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tkinter-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tkinter-apps-2.7.3-4.7.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : python (MDVSA-2014:135)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2017-09-08T10:43:41"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated python and python-simplejson package fixes security vulnerability\n\nPython are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616).\n\nThis issue also affected the python-simplejson package, which has been patched to fix the bug.", "edition": 1, "enchantments": {}, "hash": "1228afd5b625dc2d77a023b6ca56301d5234ed61cbc81d1dcc38f28db018a844", "hashmap": [{"hash": "56ffce673e1b00dfae4d8849341676af", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "30ffc09d41ccc58328ac69ec5a0a1aa9", "key": "title"}, {"hash": "24333885b24002d3040eba5a9a3aec15", "key": "href"}, {"hash": "60bd7baea9e12f42c1b9e1b1f802446b", "key": "description"}, {"hash": "06e40a920c8c543cb833d79281d986af", "key": "published"}, {"hash": "7ba8a8aafd8c4f18f6b72535ecd38093", "key": "references"}, {"hash": "11f77624342c1d306e42f33a43f1ce21", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "70d1b68c8953bd4519b5d61ae9b659b5", "key": "cvelist"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "24aa8d8312bf6c01c56afcfeab7812c7", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=76471", "id": "MANDRIVA_MDVSA-2014-135.NASL", "lastseen": "2016-09-26T17:26:32", "modified": "2015-01-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.2", "pluginID": "76471", "published": "2014-07-11T00:00:00", "references": ["http://advisories.mageia.org/MGASA-2014-0286.html", "http://advisories.mageia.org/MGASA-2014-0285.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:135. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76471);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/01/19 15:01:01 $\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"MDVSA\", value:\"2014:135\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python (MDVSA-2014:135)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python and python-simplejson package fixes security\nvulnerability\n\nPython are susceptible to arbitrary process memory reading by a user\nor adversary due to a bug in the _json module caused by insufficient\nbounds checking. The bug is caused by allowing the user to supply a\nnegative value that is used an an array index, causing the scanstring\nfunction to access process memory outside of the string it is intended\nto access (CVE-2014-4616).\n\nThis issue also affected the python-simplejson package, which has been\npatched to fix the bug.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0286.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-simplejson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter-apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64python-devel-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64python2.7-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"python-docs-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-simplejson-2.3.3-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tkinter-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tkinter-apps-2.7.3-4.7.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : python (MDVSA-2014:135)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-09-26T17:26:32"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "b76a54e5dd47ce4a39091b492c73cbd7"}, {"key": "cvelist", "hash": "70d1b68c8953bd4519b5d61ae9b659b5"}, {"key": "cvss", "hash": "3c236091754d2db00c1c42f811b3ada4"}, {"key": "description", "hash": "60bd7baea9e12f42c1b9e1b1f802446b"}, {"key": "href", "hash": "24333885b24002d3040eba5a9a3aec15"}, {"key": "modified", "hash": "e2914120514a29eeccc01e381df164d8"}, {"key": "naslFamily", "hash": "526837706681051344a466f9e51ac982"}, {"key": "pluginID", "hash": "56ffce673e1b00dfae4d8849341676af"}, {"key": "published", "hash": "06e40a920c8c543cb833d79281d986af"}, {"key": "references", "hash": "7ba8a8aafd8c4f18f6b72535ecd38093"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "914192af7d90abcc4cfe61563af8d47e"}, {"key": "title", "hash": "30ffc09d41ccc58328ac69ec5a0a1aa9"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "f91feab9e47a0727906d68f2ef61c2737683d3843865da81797b3f2ce873e294", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:135. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76471);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"MDVSA\", value:\"2014:135\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python (MDVSA-2014:135)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python and python-simplejson package fixes security\nvulnerability\n\nPython are susceptible to arbitrary process memory reading by a user\nor adversary due to a bug in the _json module caused by insufficient\nbounds checking. The bug is caused by allowing the user to supply a\nnegative value that is used an an array index, causing the scanstring\nfunction to access process memory outside of the string it is intended\nto access (CVE-2014-4616).\n\nThis issue also affected the python-simplejson package, which has been\npatched to fix the bug.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0286.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-simplejson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter-apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64python-devel-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64python2.7-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"python-docs-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-simplejson-2.3.3-2.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tkinter-2.7.3-4.7.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"tkinter-apps-2.7.3-4.7.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "76471", "cpe": ["p-cpe:/a:mandriva:linux:tkinter", "p-cpe:/a:mandriva:linux:lib64python2.7", "cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:tkinter-apps", "p-cpe:/a:mandriva:linux:python-docs", "p-cpe:/a:mandriva:linux:python", "p-cpe:/a:mandriva:linux:python-simplejson", "p-cpe:/a:mandriva:linux:lib64python-devel"]}
{"result": {"cve": [{"lastseen": "2018-01-05T12:21:44", "references": ["https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752395", "http://bugs.python.org/issue21529", "https://bugzilla.redhat.com/show_bug.cgi?id=1112285", "https://security.gentoo.org/glsa/201503-10", "http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html", "https://hackerone.com/reports/12297", "http://www.securityfocus.com/bid/68119", "http://rhn.redhat.com/errata/RHSA-2015-1064.html", "http://openwall.com/lists/oss-security/2014/06/24/7"], "description": "Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.", "edition": 5, "reporter": "NVD", "published": "2017-08-24T16:29:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CVE-2014-4616", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-4616"], "scanner": [], "cpe": ["cpe:/a:simplejson_project:simplejson:2.4.0::~~~python~~", "cpe:/a:simplejson_project:simplejson:1.9.3::~~~python~~", "cpe:/a:python:python:3.4.0", "cpe:/a:simplejson_project:simplejson:1.6::~~~python~~", "cpe:/a:python:python:2.7.10", "cpe:/a:python:python:3.0.1", "cpe:/a:python:python:3.4.1", "cpe:/a:simplejson_project:simplejson:2.3.0::~~~python~~", "cpe:/a:simplejson_project:simplejson:1.9.1::~~~python~~", "cpe:/o:opensuse_project:opensuse:13.1", "cpe:/a:simplejson_project:simplejson:2.0.2::~~~python~~", "cpe:/a:simplejson_project:simplejson:2.0.4::~~~python~~", "cpe:/a:simplejson_project:simplejson:2.0.7::~~~python~~", "cpe:/a:simplejson_project:simplejson:1.7.2::~~~python~~", "cpe:/a:python:python:2.7.5", "cpe:/a:python:python:3.1.1", "cpe:/a:simplejson_project:simplejson:2.0.3::~~~python~~", "cpe:/a:python:python:3.5.0", "cpe:/a:simplejson_project:simplejson:2.1.5::~~~python~~", "cpe:/a:simplejson_project:simplejson:2.5.2::~~~python~~", "cpe:/a:python:python:3.4.3", "cpe:/a:simplejson_project:simplejson:2.5.0::~~~python~~", "cpe:/a:simplejson_project:simplejson:2.1.4::~~~python~~", "cpe:/a:simplejson_project:simplejson:1.9.2::~~~python~~", "cpe:/a:python:python:2.7.0", "cpe:/a:python:python:3.2.0", "cpe:/a:python:python:3.1.2", "cpe:/a:simplejson_project:simplejson:2.0.9::~~~python~~", "cpe:/a:simplejson_project:simplejson:1.5::~~~python~~", "cpe:/a:simplejson_project:simplejson:2.1.6::~~~python~~", "cpe:/a:simplejson_project:simplejson:1.7::~~~python~~", "cpe:/a:python:python:2.7.6", "cpe:/a:simplejson_project:simplejson:2.1.0:rc2:~~~python~~", "cpe:/a:simplejson_project:simplejson:1.7.5::~~~python~~", "cpe:/a:python:python:3.4.2", "cpe:/a:python:python:3.3.4", "cpe:/a:simplejson_project:simplejson:2.1.0::~~~python~~", "cpe:/a:simplejson_project:simplejson:1.8::~~~python~~", "cpe:/a:python:python:2.7.3", "cpe:/a:simplejson_project:simplejson:1.7.1::~~~python~~", "cpe:/a:simplejson_project:simplejson:2.3.3::~~~python~~", "cpe:/a:simplejson_project:simplejson:2.3.1::~~~python~~", "cpe:/a:python:python:2.7.9", "cpe:/a:simplejson_project:simplejson:2.0.0::~~~python~~", "cpe:/a:python:python:3.3.6", "cpe:/a:python:python:3.3.3", "cpe:/a:simplejson_project:simplejson:2.5.1::~~~python~~", "cpe:/a:simplejson_project:simplejson:2.1.2::~~~python~~", "cpe:/a:python:python:3.3.0", "cpe:/a:python:python:3.0.0", "cpe:/a:simplejson_project:simplejson:2.1.3::~~~python~~", "cpe:/a:python:python:3.1.0", "cpe:/a:simplejson_project:simplejson:1.8.1::~~~python~~", "cpe:/a:simplejson_project:simplejson:2.1.0:rc1:~~~python~~", "cpe:/a:simplejson_project:simplejson:2.2.0::~~~python~~", "cpe:/a:python:python:3.3.5", "cpe:/a:python:python:2.7.12", "cpe:/a:simplejson_project:simplejson:2.2.1::~~~python~~", "cpe:/o:opensuse_project:opensuse:12.3", "cpe:/a:python:python:3.4.4", "cpe:/a:python:python:2.7.13", "cpe:/a:python:python:2.7.4", "cpe:/a:python:python:2.7.2", "cpe:/a:simplejson_project:simplejson:2.0.1::~~~python~~", "cpe:/a:python:python:3.2.2", "cpe:/a:simplejson_project:simplejson:1.7.4::~~~python~~", "cpe:/a:python:python:3.2.1", "cpe:/a:simplejson_project:simplejson:1.3::~~~python~~", "cpe:/a:python:python:3.2.3", "cpe:/a:simplejson_project:simplejson:2.0.6::~~~python~~", "cpe:/a:python:python:3.3.2", "cpe:/a:python:python:2.7.1", "cpe:/a:python:python:3.1.3", "cpe:/a:python:python:3.4.6", "cpe:/a:simplejson_project:simplejson:2.3.2::~~~python~~", "cpe:/a:python:python:3.1.5", "cpe:/a:python:python:3.2.4", "cpe:/a:simplejson_project:simplejson:2.0.5::~~~python~~", "cpe:/a:python:python:3.4.5", "cpe:/a:simplejson_project:simplejson:1.1::~~~python~~", "cpe:/a:python:python:2.7.11", "cpe:/a:python:python:3.1.4", "cpe:/a:python:python:3.2.5", "cpe:/a:python:python:3.4.7", "cpe:/a:python:python:2.7.8", "cpe:/a:simplejson_project:simplejson:2.0.8::~~~python~~", "cpe:/a:python:python:3.2.6", "cpe:/a:python:python:3.3.1", "cpe:/a:python:python:2.7.7", "cpe:/a:simplejson_project:simplejson:2.1.1::~~~python~~", "cpe:/a:simplejson_project:simplejson:1.9::~~~python~~"], "modified": "2018-01-04T21:29:53", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4616", "id": "CVE-2014-4616", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-01-31T07:14:22", "references": ["http://www.nessus.org/u?cb633cbb", "https://bugzilla.redhat.com/show_bug.cgi?id=1112285"], "pluginID": "76539", "description": "Fix for CVE-2014-4616\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2014-07-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Fedora 19 : python-2.7.5-13.fc19 (2014-7772)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616"], "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:python"], "modified": "2018-01-30T00:00:00", "id": "FEDORA_2014-7772.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76539", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-7772.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76539);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2018/01/30 17:46:07 $\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"FEDORA\", value:\"2014-7772\");\n\n script_name(english:\"Fedora 19 : python-2.7.5-13.fc19 (2014-7772)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2014-4616\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1112285\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135433.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cb633cbb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"python-2.7.5-13.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-31T07:01:25", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1112285", "http://www.nessus.org/u?6d288d8e"], "pluginID": "79076", "edition": 5, "description": "Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs. Fix for CVE-2014-4650\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "reporter": "Tenable", "published": "2014-11-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Fedora 20 : python3-3.3.2-18.fc20 (2014-14245)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616"], "cpe": ["p-cpe:/a:fedoraproject:fedora:python3", "cpe:/o:fedoraproject:fedora:20"], "modified": "2018-01-30T00:00:00", "id": "FEDORA_2014-14245.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79076", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14245.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79076);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2018/01/30 17:46:07 $\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"FEDORA\", value:\"2014-14245\");\n\n script_name(english:\"Fedora 20 : python3-3.3.2-18.fc20 (2014-14245)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle\nURL-encoded path separators in URLs. Fix for CVE-2014-4650\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1112285\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/142831.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d288d8e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"python3-3.3.2-18.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-27T03:09:06", "references": ["http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html", "https://bugzilla.novell.com/show_bug.cgi?id=884075"], "pluginID": "76488", "description": "python and python3 were updated to fix one security issue.\n\nThis security issue was fixed :\n\n - Missing boundary check in JSON module (CVE-2014-4616)", "edition": 5, "reporter": "Tenable", "published": "2014-07-14T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "openSUSE Security Update : python / python3 (openSUSE-SU-2014:0890-1)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616"], "cpe": ["p-cpe:/a:novell:opensuse:python3", "p-cpe:/a:novell:opensuse:python3-dbm", "p-cpe:/a:novell:opensuse:python-curses-debuginfo", "p-cpe:/a:novell:opensuse:python-base-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python3-base-debuginfo", "p-cpe:/a:novell:opensuse:python3-curses", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:python3-devel-debuginfo", "p-cpe:/a:novell:opensuse:python3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python-idle", "p-cpe:/a:novell:opensuse:python-curses", "p-cpe:/a:novell:opensuse:python-32bit", "p-cpe:/a:novell:opensuse:python-gdbm-debuginfo", "p-cpe:/a:novell:opensuse:libpython3_3m1_0-32bit", "p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python-base-debuginfo", "p-cpe:/a:novell:opensuse:python-debuginfo", "p-cpe:/a:novell:opensuse:python3-devel", "p-cpe:/a:novell:opensuse:python3-base", "p-cpe:/a:novell:opensuse:python-gdbm", "p-cpe:/a:novell:opensuse:python-base", "p-cpe:/a:novell:opensuse:python3-tk-debuginfo", "p-cpe:/a:novell:opensuse:python3-32bit", "p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo", "p-cpe:/a:novell:opensuse:python-xml-debuginfo", "p-cpe:/a:novell:opensuse:python-tk-debuginfo", "p-cpe:/a:novell:opensuse:python3-dbm-debuginfo", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit", "p-cpe:/a:novell:opensuse:python", "p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo", "p-cpe:/a:novell:opensuse:python-debugsource", "p-cpe:/a:novell:opensuse:libpython2_7-1_0", "p-cpe:/a:novell:opensuse:python-base-debugsource", "p-cpe:/a:novell:opensuse:python3-base-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python-xml", "p-cpe:/a:novell:opensuse:python-tk", "p-cpe:/a:novell:opensuse:python-base-32bit", "p-cpe:/a:novell:opensuse:python3-curses-debuginfo", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo", "p-cpe:/a:novell:opensuse:python3-tools", "p-cpe:/a:novell:opensuse:python3-base-32bit", "p-cpe:/a:novell:opensuse:python3-doc-pdf", "p-cpe:/a:novell:opensuse:python-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python3-testsuite", "p-cpe:/a:novell:opensuse:libpython3_3m1_0", "p-cpe:/a:novell:opensuse:python-doc-pdf", "p-cpe:/a:novell:opensuse:python3-idle", "p-cpe:/a:novell:opensuse:python3-tk", "p-cpe:/a:novell:opensuse:python3-debugsource", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:python3-base-debugsource", "p-cpe:/a:novell:opensuse:python3-debuginfo", "p-cpe:/a:novell:opensuse:python-demo", "p-cpe:/a:novell:opensuse:python-devel"], "modified": "2018-01-26T00:00:00", "id": "OPENSUSE-2014-458.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76488", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-458.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76488);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2018/01/26 17:15:58 $\");\n\n script_cve_id(\"CVE-2014-4616\");\n\n script_name(english:\"openSUSE Security Update : python / python3 (openSUSE-SU-2014:0890-1)\");\n script_summary(english:\"Check for the openSUSE-2014-458 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"python and python3 were updated to fix one security issue.\n\nThis security issue was fixed :\n\n - Missing boundary check in JSON module (CVE-2014-4616)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2014-07/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=884075\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python / python3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_3m1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_3m1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-dbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-dbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libpython2_7-1_0-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libpython2_7-1_0-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libpython3_3m1_0-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libpython3_3m1_0-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-base-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-base-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-base-debugsource-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-curses-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-curses-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-debugsource-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-demo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-devel-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-doc-pdf-2.7-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-gdbm-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-gdbm-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-idle-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-tk-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-tk-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-xml-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python-xml-debuginfo-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-base-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-base-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-base-debugsource-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-curses-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-curses-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-dbm-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-dbm-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-debugsource-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-devel-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-devel-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-doc-pdf-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-idle-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-testsuite-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-testsuite-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-tk-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-tk-debuginfo-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"python3-tools-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libpython3_3m1_0-32bit-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libpython3_3m1_0-debuginfo-32bit-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python-32bit-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python-base-32bit-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python-base-debuginfo-32bit-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python-debuginfo-32bit-2.7.3-10.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python3-32bit-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python3-base-32bit-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-32bit-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"python3-debuginfo-32bit-3.3.0-6.19.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpython2_7-1_0-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpython2_7-1_0-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpython3_3m1_0-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpython3_3m1_0-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-base-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-base-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-base-debugsource-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-curses-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-curses-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-debugsource-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-demo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-devel-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-doc-pdf-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-gdbm-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-gdbm-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-idle-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-tk-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-tk-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-xml-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-xml-debuginfo-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-base-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-base-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-base-debugsource-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-curses-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-curses-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-dbm-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-dbm-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-debugsource-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-devel-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-devel-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-doc-pdf-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-idle-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-testsuite-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-testsuite-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-tk-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-tk-debuginfo-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-tools-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpython3_3m1_0-32bit-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpython3_3m1_0-debuginfo-32bit-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python-32bit-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python-base-32bit-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python-base-debuginfo-32bit-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python-debuginfo-32bit-2.7.6-8.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python3-32bit-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python3-base-32bit-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-32bit-3.3.5-5.12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python3-debuginfo-32bit-3.3.5-5.12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python3\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-19T07:50:12", "references": ["http://bugs.python.org/issue21529", "https://alas.aws.amazon.com/ALAS-2014-380.html"], "pluginID": "78323", "description": "It was reported that Python built-in _json module have a flaw (insufficient bounds checking), which allows a local user to read current process' arbitrary memory.\n\nQuoting the upstream bug report :\n\n'The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory.'", "edition": 6, "reporter": "Tenable", "published": "2014-10-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "nessus", "title": "Amazon Linux AMI : python27 (ALAS-2014-380)", "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616"], "cpe": ["p-cpe:/a:amazon:linux:python27-libs", "p-cpe:/a:amazon:linux:python27", "p-cpe:/a:amazon:linux:python27-test", "p-cpe:/a:amazon:linux:python27-debuginfo", "p-cpe:/a:amazon:linux:python27-devel", "p-cpe:/a:amazon:linux:python27-tools", "cpe:/o:amazon:linux"], "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2014-380.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78323", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-380.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78323);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_xref(name:\"ALAS\", value:\"2014-380\");\n\n script_name(english:\"Amazon Linux AMI : python27 (ALAS-2014-380)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was reported that Python built-in _json module have a flaw\n(insufficient bounds checking), which allows a local user to read\ncurrent process' arbitrary memory.\n\nQuoting the upstream bug report :\n\n'The sole prerequisites of this attack are that the attacker is able\nto control or influence the two parameters of the default scanstring\nfunction: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index\nvalue. The index value is then used directly as an index to an array\nin the C code; internally the address of the array and its index are\nadded to each other in order to yield the address of the value that is\ndesired. However, by supplying a negative index value and adding this\nto the address of the array, the processor's register value wraps\naround and the calculated value will point to a position in memory\nwhich isn't within the bounds of the supplied string, causing the\nfunction to access other parts of the process memory.'\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.python.org/issue21529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-380.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python27' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python27-2.7.5-13.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-debuginfo-2.7.5-13.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-devel-2.7.5-13.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-libs-2.7.5-13.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-test-2.7.5-13.35.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-tools-2.7.5-13.35.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python27 / python27-debuginfo / python27-devel / python27-libs / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-31T07:00:10", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1112285", "http://www.nessus.org/u?e3b06ef1"], "pluginID": "79238", "description": "Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs. Fix for CVE-2014-4650\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2014-11-14T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Fedora 19 : python3-3.3.2-10.fc19 (2014-14257)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616"], "cpe": ["p-cpe:/a:fedoraproject:fedora:python3", "cpe:/o:fedoraproject:fedora:19"], "modified": "2018-01-30T00:00:00", "id": "FEDORA_2014-14257.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79238", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14257.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79238);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2018/01/30 17:46:07 $\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"FEDORA\", value:\"2014-14257\");\n\n script_name(english:\"Fedora 19 : python3-3.3.2-10.fc19 (2014-14257)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle\nURL-encoded path separators in URLs. Fix for CVE-2014-4650\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1112285\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143576.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e3b06ef1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"python3-3.3.2-10.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-19T07:48:55", "references": ["http://bugs.python.org/issue21529", "https://alas.aws.amazon.com/ALAS-2014-374.html"], "pluginID": "78317", "description": "It was reported that Python built-in _json module have a flaw (insufficient bounds checking), which allows a local user to read current process' arbitrary memory.\n\nQuoting the upstream bug report :\n\n'The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory.'", "edition": 6, "reporter": "Tenable", "published": "2014-10-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Amazon Linux AMI : python-simplejson (ALAS-2014-374)", "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616"], "cpe": ["p-cpe:/a:amazon:linux:python-simplejson-debuginfo", "p-cpe:/a:amazon:linux:python-simplejson", "cpe:/o:amazon:linux"], "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2014-374.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78317", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-374.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78317);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_xref(name:\"ALAS\", value:\"2014-374\");\n\n script_name(english:\"Amazon Linux AMI : python-simplejson (ALAS-2014-374)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was reported that Python built-in _json module have a flaw\n(insufficient bounds checking), which allows a local user to read\ncurrent process' arbitrary memory.\n\nQuoting the upstream bug report :\n\n'The sole prerequisites of this attack are that the attacker is able\nto control or influence the two parameters of the default scanstring\nfunction: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index\nvalue. The index value is then used directly as an index to an array\nin the C code; internally the address of the array and its index are\nadded to each other in order to yield the address of the value that is\ndesired. However, by supplying a negative index value and adding this\nto the address of the array, the processor's register value wraps\naround and the calculated value will point to a position in memory\nwhich isn't within the bounds of the supplied string, causing the\nfunction to access other parts of the process memory.'\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.python.org/issue21529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-374.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python-simplejson' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-simplejson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-simplejson-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python-simplejson-3.5.3-1.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python-simplejson-debuginfo-3.5.3-1.7.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-simplejson / python-simplejson-debuginfo\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-31T07:10:28", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1112285", "http://www.nessus.org/u?94088bd1"], "pluginID": "76540", "edition": 5, "description": "Fix for CVE-2014-4616\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "reporter": "Tenable", "published": "2014-07-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Fedora 19 : python3-3.3.2-9.fc19 (2014-8035)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616"], "cpe": ["p-cpe:/a:fedoraproject:fedora:python3", "cpe:/o:fedoraproject:fedora:19"], "modified": "2018-01-30T00:00:00", "id": "FEDORA_2014-8035.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76540", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-8035.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76540);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2018/01/30 17:46:07 $\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"FEDORA\", value:\"2014-8035\");\n\n script_name(english:\"Fedora 19 : python3-3.3.2-9.fc19 (2014-8035)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2014-4616\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1112285\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135423.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?94088bd1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"python3-3.3.2-9.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-31T07:01:22", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1112285", "http://www.nessus.org/u?bb72edb4"], "pluginID": "79095", "description": "Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle URL-encoded path separators in URLs. Fix for CVE-2014-4650\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2014-11-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Fedora 21 : python3-3.4.1-16.fc21 (2014-14208)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616"], "cpe": ["p-cpe:/a:fedoraproject:fedora:python3", "cpe:/o:fedoraproject:fedora:21"], "modified": "2018-01-30T00:00:00", "id": "FEDORA_2014-14208.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79095", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-14208.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79095);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2018/01/30 17:46:07 $\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"FEDORA\", value:\"2014-14208\");\n\n script_name(english:\"Fedora 21 : python3-3.4.1-16.fc21 (2014-14208)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2014-4650: CGIHTTPServer module does not properly handle\nURL-encoded path separators in URLs. Fix for CVE-2014-4650\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1112285\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143191.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb72edb4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"python3-3.4.1-16.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-31T06:56:00", "references": ["http://www.nessus.org/u?f8c74e51", "https://bugzilla.redhat.com/show_bug.cgi?id=1112285"], "pluginID": "76328", "description": "Fix for CVE-2014-4616\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2014-07-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Fedora 20 : python-2.7.5-13.fc20 (2014-7800)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616"], "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:python"], "modified": "2018-01-30T00:00:00", "id": "FEDORA_2014-7800.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76328", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-7800.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76328);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2018/01/30 17:46:07 $\");\n\n script_cve_id(\"CVE-2014-4616\");\n script_bugtraq_id(68119);\n script_xref(name:\"FEDORA\", value:\"2014-7800\");\n\n script_name(english:\"Fedora 20 : python-2.7.5-13.fc20 (2014-7800)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2014-4616\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1112285\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134903.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8c74e51\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"python-2.7.5-13.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-07-30T14:16:34", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-November/005559.html"], "pluginID": "87020", "description": "From Red Hat Security Advisory 2015:2101 :\n\nUpdated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an 'Invalid argument' error. Subprocesses have been fixed to close the file descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the '-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile argument. (BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "edition": 4, "reporter": "Tenable", "published": "2015-11-24T00:00:00", "title": "Oracle Linux 7 : python (ELSA-2015-2101)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2018-07-25T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tkinter", "p-cpe:/a:oracle:linux:python", "p-cpe:/a:oracle:linux:python-libs", "p-cpe:/a:oracle:linux:python-test", "p-cpe:/a:oracle:linux:python-tools", "p-cpe:/a:oracle:linux:python-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:python-debug"], "id": "ORACLELINUX_ELSA-2015-2101.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87020", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:2101 and \n# Oracle Linux Security Advisory ELSA-2015-2101 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87020);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/25 14:27:30\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"RHSA\", value:\"2015:2101\");\n\n script_name(english:\"Oracle Linux 7 : python (ELSA-2015-2101)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:2101 :\n\nUpdated python packages that fix multiple security issues, several\nbugs, and add various enhancements are now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict\nthe size of gzip-compressed HTTP responses. A malicious XMLRPC server\ncould cause an XMLRPC client using xmlrpclib to consume an excessive\namount of memory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An\nattacker able to control the index value passed to one of the affected\nfunctions could possibly use this flaw to disclose portions of the\napplication memory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or\nurllib) did not perform verification of TLS/SSL certificates when\nconnecting to HTTPS servers. A man-in-the-middle attacker could use\nthis flaw to hijack connections and eavesdrop or modify transferred\ndata. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to\nenable certificate verification by default. However, for backwards\ncompatibility, verification remains disabled by default. Future\nupdates may change this default. Refer to the Knowledgebase article\n2039753 linked to in the References section for further details about\nthis change. (BZ#1219108)\n\nThis update also fixes the following bugs :\n\n* Subprocesses used with the Eventlet library or regular threads\npreviously tried to close epoll file descriptors twice, which led to\nan 'Invalid argument' error. Subprocesses have been fixed to close the\nfile descriptors only once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no\nlonger produces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the\n'-s' option supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts 'None' as a keyfile\nargument. (BZ#1250611)\n\nIn addition, this update adds the following enhancements :\n\n* Security enhancements as described in PEP 466 have been backported\nto the Python standard library, for example, new features of the ssl\nmodule: Server Name Indication (SNI) support, support for new TLSv1.x\nprotocols, new hash algorithms in the hashlib module, and many more.\n(BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the\nssl library. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access\ninformation about the version of the SSL protocol used in a\nconnection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add these\nenhancements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-November/005559.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-libs-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-34.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-34.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debug / python-devel / python-libs / python-test / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "amazon": [{"lastseen": "2016-09-28T21:04:03", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.5.3-1.7", "arch": "x86_64", "packageFilename": "python-simplejson-debuginfo-3.5.3-1.7.amzn1.x86_64", "packageName": "python-simplejson-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.5.3-1.7", "arch": "src", "packageFilename": "python-simplejson-3.5.3-1.7.amzn1.src", "packageName": "python-simplejson", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.5.3-1.7", "arch": "i686", "packageFilename": "python-simplejson-3.5.3-1.7.amzn1.i686", "packageName": "python-simplejson", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.5.3-1.7", "arch": "x86_64", "packageFilename": "python-simplejson-3.5.3-1.7.amzn1.x86_64", "packageName": "python-simplejson", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.5.3-1.7", "arch": "i686", "packageFilename": "python-simplejson-debuginfo-3.5.3-1.7.amzn1.i686", "packageName": "python-simplejson-debuginfo", "operator": "lt"}], "edition": 1, "description": "**Issue Overview:**\n\nIt was [reported](<http://bugs.python.org/issue21529>) that Python built-in _json module have a flaw (insufficient bounds checking), which allows a local user to read current process' arbitrary memory.\n\nQuoting the upstream bug report:\n\n_The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory._\n\n \n**Affected Packages:** \n\n\npython-simplejson\n\n \n**Issue Correction:** \nRun _yum update python-simplejson_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n python-simplejson-debuginfo-3.5.3-1.7.amzn1.i686 \n python-simplejson-3.5.3-1.7.amzn1.i686 \n \n src: \n python-simplejson-3.5.3-1.7.amzn1.src \n \n x86_64: \n python-simplejson-debuginfo-3.5.3-1.7.amzn1.x86_64 \n python-simplejson-3.5.3-1.7.amzn1.x86_64 \n \n \n", "reporter": "Amazon", "published": "2014-07-09T16:51:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "amazon", "title": "Low: python-simplejson", "bulletinFamily": "unix", "cvelist": ["CVE-2014-4616"], "modified": "2014-09-19T10:47:00", "id": "ALAS-2014-374", "href": "https://alas.aws.amazon.com/ALAS-2014-374.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-09-28T21:04:12", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.5-13.35", "arch": "x86_64", "packageFilename": "python27-devel-2.7.5-13.35.amzn1.x86_64", "packageName": "python27-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.5-13.35", "arch": "i686", "packageFilename": "python27-tools-2.7.5-13.35.amzn1.i686", "packageName": "python27-tools", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.5-13.35", "arch": "x86_64", "packageFilename": "python27-debuginfo-2.7.5-13.35.amzn1.x86_64", "packageName": "python27-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.5-13.35", "arch": "i686", "packageFilename": "python27-devel-2.7.5-13.35.amzn1.i686", "packageName": "python27-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.5-13.35", "arch": "x86_64", "packageFilename": "python27-test-2.7.5-13.35.amzn1.x86_64", "packageName": "python27-test", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.5-13.35", "arch": "i686", "packageFilename": "python27-2.7.5-13.35.amzn1.i686", "packageName": "python27", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.5-13.35", "arch": "x86_64", "packageFilename": "python27-2.7.5-13.35.amzn1.x86_64", "packageName": "python27", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.5-13.35", "arch": "x86_64", "packageFilename": "python27-libs-2.7.5-13.35.amzn1.x86_64", "packageName": "python27-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.5-13.35", "arch": "i686", "packageFilename": "python27-debuginfo-2.7.5-13.35.amzn1.i686", "packageName": "python27-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.5-13.35", "arch": "i686", "packageFilename": "python27-libs-2.7.5-13.35.amzn1.i686", "packageName": "python27-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.5-13.35", "arch": "x86_64", "packageFilename": "python27-tools-2.7.5-13.35.amzn1.x86_64", "packageName": "python27-tools", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.5-13.35", "arch": "i686", "packageFilename": "python27-test-2.7.5-13.35.amzn1.i686", "packageName": "python27-test", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.5-13.35", "arch": "src", "packageFilename": "python27-2.7.5-13.35.amzn1.src", "packageName": "python27", "operator": "lt"}], "edition": 1, "description": "**Issue Overview:**\n\nIt was [reported](<http://bugs.python.org/issue21529>) that Python built-in _json module have a flaw (insufficient bounds checking), which allows a local user to read current process' arbitrary memory.\n\nQuoting the upstream bug report:\n\n_The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory._\n\n \n**Affected Packages:** \n\n\npython27\n\n \n**Issue Correction:** \nRun _yum update python27_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n python27-tools-2.7.5-13.35.amzn1.i686 \n python27-2.7.5-13.35.amzn1.i686 \n python27-test-2.7.5-13.35.amzn1.i686 \n python27-debuginfo-2.7.5-13.35.amzn1.i686 \n python27-libs-2.7.5-13.35.amzn1.i686 \n python27-devel-2.7.5-13.35.amzn1.i686 \n \n src: \n python27-2.7.5-13.35.amzn1.src \n \n x86_64: \n python27-tools-2.7.5-13.35.amzn1.x86_64 \n python27-libs-2.7.5-13.35.amzn1.x86_64 \n python27-test-2.7.5-13.35.amzn1.x86_64 \n python27-2.7.5-13.35.amzn1.x86_64 \n python27-devel-2.7.5-13.35.amzn1.x86_64 \n python27-debuginfo-2.7.5-13.35.amzn1.x86_64 \n \n \n", "reporter": "Amazon", "published": "2014-07-23T13:53:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "amazon", "title": "Medium: python27", "bulletinFamily": "unix", "cvelist": ["CVE-2014-4616"], "modified": "2014-09-19T10:51:00", "id": "ALAS-2014-380", "href": "https://alas.aws.amazon.com/ALAS-2014-380.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2018-04-09T11:11:29", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134903.html", "2014-7800"], "pluginID": "1361412562310867929", "description": "Check for the Version of python", "edition": 5, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-07-01T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for python FEDORA-2014-7800", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867929", "id": "OPENVAS:1361412562310867929", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2014-7800\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867929\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-01 15:22:41 +0530 (Tue, 01 Jul 2014)\");\n script_cve_id(\"CVE-2014-4616\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for python FEDORA-2014-7800\");\n\n tag_insight = \"Python is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nProgrammers can write new built-in modules for Python in C or C++.\nPython can be used as an extension language for applications that need\na programmable interface.\n\nNote that documentation for Python is provided in the python-docs\npackage.\n\nThis package provides the 'python' executable most of the actual\nimplementation is within the 'python-libs' package.\n\";\n\n tag_affected = \"python on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-7800\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134903.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~13.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-14T12:03:03", "references": ["https://alas.aws.amazon.com/ALAS-2014-374.html"], "pluginID": "1361412562310120575", "description": "Amazon Linux Local Security Checks", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Amazon Linux Local Check: ALAS-2014-374", "type": "openvas", "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616"], "modified": "2017-09-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120575", "id": "OPENVAS:1361412562310120575", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Amazon Linux security check \n# $Id: alas-2014-374.nasl 7101 2017-09-12 06:15:03Z asteins $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@iki.fi> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120575\");\nscript_version(\"$Revision: 7101 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-08 13:29:53 +0200 (Tue, 08 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-09-12 08:15:03 +0200 (Tue, 12 Sep 2017) $\");\nscript_name(\"Amazon Linux Local Check: ALAS-2014-374\");\nscript_tag(name: \"insight\", value: \"It was\"); \nscript_tag(name : \"solution\", value : \"Run yum update python-simplejson to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2014-374.html\");\nscript_cve_id(\"CVE-2014-4616\");\nscript_tag(name:\"cvss_base\", value:\"4.3\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"python-simplejson-debuginfo\", rpm:\"python-simplejson-debuginfo~3.5.3~1.7.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python-simplejson\", rpm:\"python-simplejson~3.5.3~1.7.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-09-14T12:03:31", "references": ["https://alas.aws.amazon.com/ALAS-2014-380.html"], "pluginID": "1361412562310120402", "description": "Amazon Linux Local Security Checks", "edition": 5, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: ALAS-2014-380", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616"], "modified": "2017-09-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120402", "id": "OPENVAS:1361412562310120402", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Amazon Linux security check \n# $Id: alas-2014-380.nasl 7101 2017-09-12 06:15:03Z asteins $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@iki.fi> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org \n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.120402\");\nscript_version(\"$Revision: 7101 $\");\nscript_tag(name:\"creation_date\", value:\"2015-09-08 13:25:33 +0200 (Tue, 08 Sep 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-09-12 08:15:03 +0200 (Tue, 12 Sep 2017) $\");\nscript_name(\"Amazon Linux Local Check: ALAS-2014-380\");\nscript_tag(name: \"insight\", value: \"It was reported that Python built-in _json module have a flaw (insufficient bounds checking), which allows a local user to read current process' arbitrary memory.Quoting the upstream bug report:The sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index.The bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory.\"); \nscript_tag(name : \"solution\", value : \"Run yum update python27 to update your system.\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_xref(name : \"URL\" , value : \"https://alas.aws.amazon.com/ALAS-2014-380.html\");\nscript_cve_id(\"CVE-2014-4616\");\nscript_tag(name:\"cvss_base\", value:\"4.3\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Amazon Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"python27-tools\", rpm:\"python27-tools~2.7.5~13.35.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27\", rpm:\"python27~2.7.5~13.35.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27-test\", rpm:\"python27-test~2.7.5~13.35.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27-debuginfo\", rpm:\"python27-debuginfo~2.7.5~13.35.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27-libs\", rpm:\"python27-libs~2.7.5~13.35.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"python27-devel\", rpm:\"python27-devel~2.7.5~13.35.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-09T11:11:28", "references": ["2014-8035", "https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135423.html"], "pluginID": "1361412562310867978", "description": "Check for the Version of python3", "edition": 4, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-07-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for python3 FEDORA-2014-8035", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4238", "CVE-2014-4616"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867978", "id": "OPENVAS:1361412562310867978", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2014-8035\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867978\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-21 12:28:02 +0530 (Mon, 21 Jul 2014)\");\n script_cve_id(\"CVE-2014-4616\", \"CVE-2013-4238\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for python3 FEDORA-2014-8035\");\n\n tag_insight = \"Python 3 is a new version of the language that is incompatible with the 2.x\nline of releases. The language is mostly the same, but many details, especially\nhow built-in objects like dictionaries and strings work, have changed\nconsiderably, and a lot of deprecated features have finally been removed.\n\";\n\n tag_affected = \"python3 on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-8035\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135423.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of python3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.3.2~9.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:13:56", "references": ["2014-7772", "https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135433.html"], "pluginID": "1361412562310867987", "description": "Check for the Version of python", "edition": 4, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-07-21T00:00:00", "title": "Fedora Update for python FEDORA-2014-7772", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4238", "CVE-2014-4616"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867987", "id": "OPENVAS:1361412562310867987", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2014-7772\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867987\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-21 14:23:39 +0530 (Mon, 21 Jul 2014)\");\n script_cve_id(\"CVE-2014-4616\", \"CVE-2013-4238\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for python FEDORA-2014-7772\");\n\n tag_insight = \"Python is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nProgrammers can write new built-in modules for Python in C or C++.\nPython can be used as an extension language for applications that need\na programmable interface.\n\nNote that documentation for Python is provided in the python-docs\npackage.\n\nThis package provides the 'python' executable most of the actual\nimplementation is within the 'python-libs' package.\n\";\n\n tag_affected = \"python on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-7772\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135433.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~13.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-08T10:45:57", "references": ["2014-14245", "https://lists.fedoraproject.org/pipermail/package-announce/2014-November/142831.html"], "pluginID": "1361412562310868464", "description": "Check the version of python3", "edition": 3, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-11-10T00:00:00", "title": "Fedora Update for python3 FEDORA-2014-14245", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4616", "CVE-2014-4650"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868464", "id": "OPENVAS:1361412562310868464", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2014-14245\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868464\");\n script_version(\"$Revision: 6637 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 11:58:13 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-10 05:10:57 +0100 (Mon, 10 Nov 2014)\");\n script_cve_id(\"CVE-2014-4650\", \"CVE-2014-4616\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for python3 FEDORA-2014-14245\");\n script_tag(name: \"summary\", value: \"Check the version of python3\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Python 3 is a new version of the language that is incompatible with the 2.x\nline of releases. The language is mostly the same, but many details, especially\nhow built-in objects like dictionaries and strings work, have changed\nconsiderably, and a lot of deprecated features have finally been removed.\n\");\n script_tag(name: \"affected\", value: \"python3 on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-14245\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-November/142831.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.3.2~18.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-28T10:48:27", "references": ["2014-14257", "https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143576.html"], "pluginID": "1361412562310868482", "description": "Check the version of python3", "edition": 3, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-11-14T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for python3 FEDORA-2014-14257", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4238", "CVE-2014-4616", "CVE-2014-4650"], "modified": "2017-07-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868482", "id": "OPENVAS:1361412562310868482", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2014-14257\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868482\");\n script_version(\"$Revision: 6715 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-13 11:57:40 +0200 (Thu, 13 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-14 06:45:26 +0100 (Fri, 14 Nov 2014)\");\n script_cve_id(\"CVE-2014-4650\", \"CVE-2013-4238\", \"CVE-2014-4616\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for python3 FEDORA-2014-14257\");\n script_tag(name: \"summary\", value: \"Check the version of python3\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Python 3 is a new version of the language that is incompatible with the 2.x\nline of releases. The language is mostly the same, but many details, especially\nhow built-in objects like dictionaries and strings work, have changed\nconsiderably, and a lot of deprecated features have finally been removed.\n\");\n script_tag(name: \"affected\", value: \"python3 on Fedora 19\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-14257\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-November/143576.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.3.2~10.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:53:44", "references": ["http://linux.oracle.com/errata/ELSA-2015-2101.html"], "pluginID": "1361412562310122760", "description": "Oracle Linux Local Security Checks ELSA-2015-2101", "edition": 2, "reporter": "Eero Volotinen", "published": "2015-11-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Oracle Linux Local Check: ELSA-2015-2101", "type": "openvas", "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122760", "id": "OPENVAS:1361412562310122760", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2015-2101.nasl 6560 2017-07-06 11:58:38Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.122760\");\nscript_version(\"$Revision: 6560 $\");\nscript_tag(name:\"creation_date\", value:\"2015-11-24 10:17:32 +0200 (Tue, 24 Nov 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:58:38 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2015-2101\");\nscript_tag(name: \"insight\", value: \"ELSA-2015-2101 - python security, bug fix, and enhancement update - [2.7.5-34.0.1]- Add Oracle Linux distribution in platform.py [orabug 20812544][2.7.5-34]- Revert fix for rhbz#1117751 as it leads to regressionsResolves: rhbz#1117751[2.7.5-33]- Only restore SIG_PIPE when Popen called with restore_sigpipeResolves: rhbz#1117751[2.7.5-32]- Backport SSLSocket.version function- Temporary disable test_gdb on ppc64le rhbz#1260558Resolves: rhbz#1259421[2.7.5-31]- Update load_cert_chain function to accept None keyfileResolves: rhbz#1250611[2.7.5-30]- Change Patch224 according to latest update in PEP493Resolves:rhbz#1219108[2.7.5-29]- Popen shouldn't ignore SIG_PIPEResolves: rhbz#1117751[2.7.5-28]- Exclude python subprocess temp files from cleaningResolves: rhbz#1058482[2.7.5-27]- Add list for cprofile sort optionResolves:rhbz#1237107[2.7.5-26]- Add switch to toggle cert verification on or off globallyResolves:rhbz#1219108[2.7.5-25]- PEP476 enable cert verifications by defaultResolves:rhbz#1219110[2.7.5-24]- Massive backport of ssl module from python3 aka PEP466Resolves: rhbz#1111461[2.7.5-23]- Fixed CVE-2013-1753, CVE-2013-1752, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185Resolves: rhbz#1206574[2.7.5-22]- Fix importing readline producing erroneous outputResolves: rhbz#1189301[2.7.5-21]- Add missing import in bdist_rpmResolves: rhbz#1177613[2.7.5-20]- Avoid double close of subprocess pipesResolves: rhbz#1103452[2.7.5-19]- make multiprocessing ignore EINTRResolves: rhbz#1181624\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2015-2101\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2015-2101.html\");\nscript_cve_id(\"CVE-2013-1753\",\"CVE-2014-4616\",\"CVE-2013-1752\",\"CVE-2014-4650\",\"CVE-2014-7185\");\nscript_tag(name:\"cvss_base\", value:\"6.4\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"python-debug\", rpm:\"python-debug~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"python-test\", rpm:\"python-test~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-30T14:03:28", "references": ["2653-1", "http://www.ubuntu.com/usn/usn-2653-1/"], "pluginID": "1361412562310842261", "description": "Check the version of python2.7", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-06-26T00:00:00", "title": "Ubuntu Update for python2.7 USN-2653-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2018-04-27T00:00:00", "id": "OPENVAS:1361412562310842261", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842261", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for python2.7 USN-2653-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842261\");\n script_version(\"$Revision: 9652 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-27 11:09:48 +0200 (Fri, 27 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-26 06:25:01 +0200 (Fri, 26 Jun 2015)\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\",\n \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for python2.7 USN-2653-1\");\n script_tag(name: \"summary\", value: \"Check the version of python2.7\");\n script_tag(name: \"vuldetect\", value: \"Checks if a vulnerable version is present on the target host.\");\n script_tag(name: \"insight\", value: \"It was discovered that multiple Python\nprotocol libraries incorrectly limited certain data when connecting to servers.\nA malicious ftp, http, imap, nntp, pop or smtp server could use this issue to\ncause a denial of service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit unpacking\ngzip-compressed HTTP bodies. A malicious server could use this issue to\ncause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a certain\nargument. An attacker could possibly use this issue to read arbitrary\nmemory and expose sensitive information. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled\nURL-encoded path separators in URLs. A remote attacker could use this issue\nto expose sensitive information, or possibly execute arbitrary code. This\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in\nbuffer functions. An attacker could possibly use this issue to read\narbitrary memory and obtain sensitive information. This issue only affected\nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185)\");\n script_tag(name: \"affected\", value: \"python2.7 on Ubuntu 14.10 ,\n Ubuntu 14.04 LTS ,\n Ubuntu 12.04 LTS\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"USN\", value: \"2653-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2653-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.7\", ver:\"2.7.8-10ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.7-minimal\", ver:\"2.7.8-10ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4\", ver:\"3.4.2-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4-minimal\", ver:\"3.4.2-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.7\", ver:\"2.7.6-8ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.7-minimal\", ver:\"2.7.6-8ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4\", ver:\"3.4.0-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4-minimal\", ver:\"3.4.0-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.7\", ver:\"2.7.3-0ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.7-minimal\", ver:\"2.7.3-0ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.2\", ver:\"3.2.3-0ubuntu3.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.2-minimal\", ver:\"3.2.3-0ubuntu3.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:52:01", "references": ["https://www.redhat.com/archives/rhsa-announce/2015-November/msg00019.html", "2015:2101-01"], "pluginID": "1361412562310871501", "description": "Check the version of python", "edition": 2, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-11-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "RedHat Update for python RHSA-2015:2101-01", "type": "openvas", "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650", "CVE-2014-9365"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871501", "id": "OPENVAS:1361412562310871501", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2015:2101-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871501\");\n script_version(\"$Revision: 6689 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:50:06 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-20 06:24:47 +0100 (Fri, 20 Nov 2015)\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\",\n \"CVE-2014-7185\", \"CVE-2014-9365\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for python RHSA-2015:2101-01\");\n script_tag(name: \"summary\", value: \"Check the version of python\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Python is an interpreted, interactive,\nobject-oriented programming language often compared to Tcl, Perl, Scheme, or\nJava. Python includes modules, classes, exceptions, very high level dynamic\ndata types and dynamic typing. Python supports interfaces to many system calls\nand libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and\nMFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib)\ndid not perform verification of TLS/SSL certificates when connecting to\nHTTPS servers. A man-in-the-middle attacker could use this flaw to hijack\nconnections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable\ncertificate verification by default. However, for backwards compatibility,\nverification remains disabled by default. Future updates may change this\ndefault. Refer to the Knowledgebase article 2039753 linked to in the\nReferences section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs:\n\n* Subprocesses used with the Eventlet library or regular threads previously\ntried to close epoll file descriptors twice, which led to an 'Invalid\nargument' error. Subprocesses h ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"python on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"RHSA\", value: \"2015:2101-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2015-November/msg00019.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "hackerone": [{"lastseen": "2018-04-19T17:34:09", "references": [], "bounty": 1500.0, "h1team": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/000/027/22df52945ba6933f27a1dbc92380fe19a4a1a93d_small.png?1383737131", "medium": "https://profile-photos.hackerone-user-content.com/000/000/027/79e9602e5e25d02b7c34cdbc40438408f47e7cd7_medium.png?1383737131"}, "handle": "ibb-python", "url": "https://hackerone.com/ibb-python"}, "bountyState": "resolved", "edition": 6, "description": "Python 2 and 3 are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking.\n\nThe sole prerequisites of this attack are that the attacker is able to control or influence the two parameters of the default scanstring function: the string to be decoded and the index.\n\nThe bug is caused by allowing the user to supply a negative index value. The index value is then used directly as an index to an array in the C code; internally the address of the array and its index are added to each other in order to yield the address of the value that is desired. However, by supplying a negative index value and adding this to the address of the array, the processor's register value wraps around and the calculated value will point to a position in memory which isn't within the bounds of the supplied string, causing the function to access other parts of the process memory.\n\nLet me clarify:\n\nThis is Python-3.4.0/Modules/_json.c:\n\n```\n1035 static PyObject *\n1036 scanner_call(PyObject *self, PyObject *args, PyObject *kwds)\n1037 {\n1038 /* Python callable interface to scan_once_{str,unicode} */\n1039 PyObject *pystr;\n1040 PyObject *rval;\n1041 Py_ssize_t idx;\n1042 Py_ssize_t next_idx = -1;\n1043 static char *kwlist[] = {\"string\", \"idx\", NULL};\n1044 PyScannerObject *s;\n1045 assert(PyScanner_Check(self));\n1046 s = (PyScannerObject *)self;\n1047 if (!PyArg_ParseTupleAndKeywords(args, kwds, \"On:scan_once\", kwlist, &pystr, &idx))\n1048 return NULL;\n1049\n1050 if (PyUnicode_Check(pystr)) {\n1051 rval = scan_once_unicode(s, pystr, idx, &next_idx);\n1052 }\n1053 else {\n1054 PyErr_Format(PyExc_TypeError,\n1055 \"first argument must be a string, not %.80s\",\n1056 Py_TYPE(pystr)->tp_name);\n1057 return NULL;\n1058 }\n1059 PyDict_Clear(s->memo);\n1060 if (rval == NULL)\n1061 return NULL;\n1062 return _build_rval_index_tuple(rval, next_idx);\n1063 }\n```\n\nAs you can see on line 1047, ParseTuple takes an 'n' as an argument for 'end', which, as can be learned from this page ( https://docs.python.org/3/c-api/arg.html ), means:\n\n```\n n (int) [Py_ssize_t]\n Convert a Python integer to a C Py_ssize_t.\n```\n\nThis means it accepts a SIGNED integer value, thus allowing a negative value to be supplied as the 'end' parameter.\n\nThen onto scanstring_unicode_once to which execution gets transferred through line 1051 of the code above.\n\n```\n922 static PyObject *\n923 scan_once_unicode(PyScannerObject *s, PyObject *pystr, Py_ssize_t\nidx, Py_ssize_t *next_idx_ptr)\n924 {\n925 /* Read one JSON term (of any kind) from PyUnicode pystr.\n926 idx is the index of the first character of the term\n927 *next_idx_ptr is a return-by-reference index to the first character after\n928 the number.\n929\n930 Returns a new PyObject representation of the term.\n931 */\n932 PyObject *res;\n933 void *str;\n934 int kind;\n935 Py_ssize_t length;\n936\n937 if (PyUnicode_READY(pystr) == -1)\n938 return NULL;\n939\n940 str = PyUnicode_DATA(pystr);\n941 kind = PyUnicode_KIND(pystr);\n942 length = PyUnicode_GET_LENGTH(pystr);\n943\n944 if (idx >= length) {\n945 raise_stop_iteration(idx);\n946 return NULL;\n947 }\n```\n\nHere we see that 'length' is set to the length of the string parameter. This will always be a positive value. On line 945 it is checked whether idx is equal or higher than length; this can never be true in the case of a negative index value.\n\n```\n949 switch (PyUnicode_READ(kind, str, idx)) {\n```\n\nPyUnicode_READ is defined as follows ( in Python-3.4.0/Include/unicodeobject.h ):\n\n```\n516 /* Read a code point from the string's canonical representation. No checks\n517 or ready calls are performed. */\n518 #define PyUnicode_READ(kind, data, index) \\\n519 ((Py_UCS4) \\\n520 ((kind) == PyUnicode_1BYTE_KIND ? \\\n521 ((const Py_UCS1 *)(data))[(index)] : \\\n522 ((kind) == PyUnicode_2BYTE_KIND ? \\\n523 ((const Py_UCS2 *)(data))[(index)] : \\\n524 ((const Py_UCS4 *)(data))[(index)] \\\n525 ) \\\n526 ))\n```\n\nHere we can see that index, which is negative in our example, is used as an array index. Since it is negative, it will internally wrap around and point to an address BELOW the address of 'data'.\n\nSo, if a certain negative value (such as -0x7FFFFFFF) is supplied and data[index] will effectively point to an invalid or read-protected page in memory, the Python executable will segfault.\n\nBut there's more. Instead of making it point to an invalid page, let's make it point to something valid:\n\n```\n1 from json import JSONDecoder\n2 j = JSONDecoder()\n3 a = \"99448866\"\n4 b = \"88445522\"\n5 diff = id(a) - id(b)\n6 print(\"Difference is \" + hex(diff))\n7 print j.raw_decode(b)\n8 print j.raw_decode(b, diff)\n```\n\nOutput of this script is:\n\nDifference is -0x30\n(88445522, 8)\n(99448866, -40)\n\nThe difference between the address of 'a' and the address of 'b' is calculated and supplied as an index to the raw_decode function.\nInternally the address wraps around and we get to see the contents of 'a' while having supplied 'b' as a parameter.\n\nWe can use this harvester to scan memory for valid JSON strings:\n\n```\n1 from json import JSONDecoder\n2 j = JSONDecoder()\n3 a = \"x\" * 1000\n4 for x in range(0, 600000):\n5 try:\n6 print j.raw_decode(a, 0 - x)\n7 except:\n8 pass\n```\n\nThere is one drawback, however. We cannot decode strings in this manner because:\n\n```\n296 static PyObject *\n297 scanstring_unicode(PyObject *pystr, Py_ssize_t end, int strict, Py_ssize_t *next_end_ptr)\n298 {\n299 /* Read the JSON string from PyUnicode pystr.\n300 end is the index of the first character after the quote.\n301 if strict is zero then literal control characters are allowed\n302 *next_end_ptr is a return-by-reference index of the character\n303 after the end quote\n304\n305 Return value is a new PyUnicode\n306 */\n307 PyObject *rval = NULL;\n308 Py_ssize_t len;\n309 Py_ssize_t begin = end - 1;\n310 Py_ssize_t next /* = begin */;\n311 const void *buf;\n312 int kind;\n313 PyObject *chunks = NULL;\n314 PyObject *chunk = NULL;\n315\n316 if (PyUnicode_READY(pystr) == -1)\n317 return 0;\n318\n319 len = PyUnicode_GET_LENGTH(pystr);\n320 buf = PyUnicode_DATA(pystr);\n321 kind = PyUnicode_KIND(pystr);\n322\n323 if (end < 0 || len < end) {\n324 PyErr_SetString(PyExc_ValueError, \"end is out of bounds\");\n325 goto bail;\n```\n\nthis code actually performs a bounds check by asserting that end (which is our index) isn't negative.\n\nHowever, I succesfully ran harvesting tests that could extract JSON-encoded arrays of numerical values (such as [10, 20, 40, 70] ) from the process memory without any problem or difficulty.\n\nGiven the ubiquity of JSON parsing in Python applications and the limited amount of prequisites and conditions under which this bug can be exploited, it is evident that this issue could have serious security implications in some cases.\n\nHere is a patch for 3.4.0:\n\n```\n--- _json_old.c 2014-04-12 17:47:08.749012372 +0200\n+++ _json.c 2014-04-12 17:44:52.253011645 +0200\n@@ -941,7 +941,7 @@\n kind = PyUnicode_KIND(pystr);\n length = PyUnicode_GET_LENGTH(pystr);\n\n- if (idx >= length) {\n+ if ( idx < 0 || idx >= length) {\n raise_stop_iteration(idx);\n return NULL;\n }\n```\n\nAnd here is a patch for 2.7.6:\n\n```\n--- _json_old.c 2014-04-12 17:57:14.365015601 +0200\n+++ _json.c 2014-04-12 18:04:25.149017898 +0200\n@@ -1491,7 +1491,7 @@\n PyObject *res;\n char *str = PyString_AS_STRING(pystr);\n Py_ssize_t length = PyString_GET_SIZE(pystr);\n- if (idx >= length) {\n+ if ( idx < 0 || idx >= length) {\n PyErr_SetNone(PyExc_StopIteration);\n return NULL;\n }\n@@ -1578,7 +1578,7 @@\n PyObject *res;\n Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);\n Py_ssize_t length = PyUnicode_GET_SIZE(pystr);\n- if (idx >= length) {\n+ if ( idx < 0 || idx >= length) {\n PyErr_SetNone(PyExc_StopIteration);\n return NULL;\n }\n```\n\n\nHere is a script that checks whether the Python binary that executes it is vulnerable:\n\n```\n1 from json import JSONDecoder\n2 j = JSONDecoder()\n3\n4 a = '128931233'\n5 b = \"472389423\"\n6\n7 if id(a) < id(b):\n8 x = a\n9 y = b\n10 else:\n11 x = b\n12 y = a\n13\n14 diff = id(x) - id(y)\n15\n16 try:\n17 j.raw_decode(y, diff)\n18 print(\"Vulnerable\")\n19 except:\n20 print(\"Not vulnerable\")\n```\n", "reporter": "guido", "published": "2014-05-16T23:14:13", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "hackerone", "title": "Python (IBB): Python vulnerability: reading arbitrary process memory", "h1reporter": {"profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/002/983/bc1fffcbbb736a8fa94816a1961b7b76725881eb_small.jpg?1403536399"}, "hacker_mediation": false, "disabled": false, "is_me?": false, "hackerone_triager": false, "url": "/guido", "username": "guido"}, "bulletinFamily": "bugbounty", "cvelist": ["CVE-2014-4616"], "modified": "2014-06-20T05:54:36", "id": "H1:12297", "href": "https://hackerone.com/reports/12297", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-03-29T18:17:51", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-4616", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1753", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-4650", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1752", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-7185"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "2.7.8-10ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.7-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.4.0-2ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3.4", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "3.4.2-1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3.4", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "3.4.2-1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3.4-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.4.0-2ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3.4-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.2.3-0ubuntu3.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3.2-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.7.6-8ubuntu0.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.7-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "2.7.3-0ubuntu3.8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "2.7.8-10ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.7.6-8ubuntu0.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "2.7.3-0ubuntu3.8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.7-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.2.3-0ubuntu3.7", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3.2", "operator": "lt"}], "description": "It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a certain argument. An attacker could possibly use this issue to read arbitrary memory and expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled URL-encoded path separators in URLs. A remote attacker could use this issue to expose sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in buffer functions. An attacker could possibly use this issue to read arbitrary memory and obtain sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185)", "edition": 1, "reporter": "Ubuntu", "published": "2015-06-25T00:00:00", "type": "ubuntu", "title": "Python vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2015-06-25T00:00:00", "href": "https://usn.ubuntu.com/2653-1/", "id": "USN-2653-1", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2016-09-04T11:16:59", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-34.0.1.el7", "arch": "x86_64", "packageFilename": "python-2.7.5-34.0.1.el7.x86_64.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-34.0.1.el7", "arch": "x86_64", "packageFilename": "python-debug-2.7.5-34.0.1.el7.x86_64.rpm", "packageName": "python-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-34.0.1.el7", "arch": "i686", "packageFilename": "python-libs-2.7.5-34.0.1.el7.i686.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-34.0.1.el7", "arch": "x86_64", "packageFilename": "tkinter-2.7.5-34.0.1.el7.x86_64.rpm", "packageName": "tkinter", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-34.0.1.el7", "arch": "x86_64", "packageFilename": "python-devel-2.7.5-34.0.1.el7.x86_64.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-34.0.1.el7", "arch": "x86_64", "packageFilename": "python-tools-2.7.5-34.0.1.el7.x86_64.rpm", "packageName": "python-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-34.0.1.el7", "arch": "x86_64", "packageFilename": "python-libs-2.7.5-34.0.1.el7.x86_64.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-34.0.1.el7", "arch": "src", "packageFilename": "python-2.7.5-34.0.1.el7.src.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-34.0.1.el7", "arch": "x86_64", "packageFilename": "python-test-2.7.5-34.0.1.el7.x86_64.rpm", "packageName": "python-test", "operator": "lt"}], "description": "[2.7.5-34.0.1]\n- Add Oracle Linux distribution in platform.py [orabug 20812544]\n[2.7.5-34]\n- Revert fix for rhbz#1117751 as it leads to regressions\nResolves: rhbz#1117751\n[2.7.5-33]\n- Only restore SIG_PIPE when Popen called with restore_sigpipe\nResolves: rhbz#1117751\n[2.7.5-32]\n- Backport SSLSocket.version function\n- Temporary disable test_gdb on ppc64le rhbz#1260558\nResolves: rhbz#1259421\n[2.7.5-31]\n- Update load_cert_chain function to accept None keyfile\nResolves: rhbz#1250611\n[2.7.5-30]\n- Change Patch224 according to latest update in PEP493\nResolves:rhbz#1219108\n[2.7.5-29]\n- Popen shouldn't ignore SIG_PIPE\nResolves: rhbz#1117751\n[2.7.5-28]\n- Exclude python subprocess temp files from cleaning\nResolves: rhbz#1058482\n[2.7.5-27]\n- Add list for cprofile sort option\nResolves:rhbz#1237107\n[2.7.5-26]\n- Add switch to toggle cert verification on or off globally\nResolves:rhbz#1219108\n[2.7.5-25]\n- PEP476 enable cert verifications by default\nResolves:rhbz#1219110\n[2.7.5-24]\n- Massive backport of ssl module from python3 aka PEP466\nResolves: rhbz#1111461\n[2.7.5-23]\n- Fixed CVE-2013-1753, CVE-2013-1752, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185\nResolves: rhbz#1206574\n[2.7.5-22]\n- Fix importing readline producing erroneous output\nResolves: rhbz#1189301\n[2.7.5-21]\n- Add missing import in bdist_rpm\nResolves: rhbz#1177613\n[2.7.5-20]\n- Avoid double close of subprocess pipes\nResolves: rhbz#1103452\n[2.7.5-19]\n- make multiprocessing ignore EINTR\nResolves: rhbz#1181624", "edition": 1, "reporter": "Oracle", "published": "2015-11-23T00:00:00", "title": "python security, bug fix, and enhancement update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "oraclelinux", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2015-11-23T00:00:00", "id": "ELSA-2015-2101", "href": "http://linux.oracle.com/errata/ELSA-2015-2101.html", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:16:35", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "packageName": "python27-python-debug", "packageFilename": "python27-python-debug-2.7.8-3.el7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "packageName": "python27-python", "packageFilename": "python27-python-2.7.8-3.el6.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "packageName": "python27-python-tools", "packageFilename": "python27-python-tools-2.7.8-3.el6.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.1-17.el6", "packageName": "python27-runtime", "packageFilename": "python27-runtime-1.1-17.el6.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.5.6-5.el6", "packageName": "python27-python-pip", "packageFilename": "python27-python-pip-1.5.6-5.el6.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "packageName": "python27-python-test", "packageFilename": "python27-python-test-2.7.8-3.el6.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.9.8-5.el7", "packageName": "python27-python-setuptools", "packageFilename": "python27-python-setuptools-0.9.8-5.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.1-17.el6", "packageName": "python27-scldevel", "packageFilename": "python27-scldevel-1.1-17.el6.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "packageName": "python27-python-libs", "packageFilename": "python27-python-libs-2.7.8-3.el6.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.1-20.el7", "packageName": "python27", "packageFilename": "python27-1.1-20.el7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.1-17.el6", "packageName": "python27", "packageFilename": "python27-1.1-17.el6.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "packageName": "python27-python", "packageFilename": "python27-python-2.7.8-3.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "packageName": "python27-python-devel", "packageFilename": "python27-python-devel-2.7.8-3.el6.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.9.8-3.el6", "packageName": "python27-python-setuptools", "packageFilename": "python27-python-setuptools-0.9.8-3.el6.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.5.6-5.el7", "packageName": "python27-python-pip", "packageFilename": "python27-python-pip-1.5.6-5.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.1-20.el7", "packageName": "python27-runtime", "packageFilename": "python27-runtime-1.1-20.el7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.2.0-2.el6", "packageName": "python27-python-simplejson", "packageFilename": "python27-python-simplejson-3.2.0-2.el6.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.1-20.el7", "packageName": "python27", "packageFilename": "python27-1.1-20.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.24.0-2.el6", "packageName": "python27-python-wheel", "packageFilename": "python27-python-wheel-0.24.0-2.el6.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.2.0-3.el7", "packageName": "python27-python-simplejson", "packageFilename": "python27-python-simplejson-3.2.0-3.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "packageName": "python27-python", "packageFilename": "python27-python-2.7.8-3.el6.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.24.0-2.el7", "packageName": "python27-python-wheel", "packageFilename": "python27-python-wheel-0.24.0-2.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "packageName": "python27-python", "packageFilename": "python27-python-2.7.8-3.el7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "packageName": "python27-tkinter", "packageFilename": "python27-tkinter-2.7.8-3.el7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "packageName": "python27-tkinter", "packageFilename": "python27-tkinter-2.7.8-3.el6.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "packageName": "python27-python-test", "packageFilename": "python27-python-test-2.7.8-3.el7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.2.0-2.el6", "packageName": "python27-python-simplejson", "packageFilename": "python27-python-simplejson-3.2.0-2.el6.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.1-17.el6", "packageName": "python27", "packageFilename": "python27-1.1-17.el6.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.1-20.el7", "packageName": "python27-scldevel", "packageFilename": "python27-scldevel-1.1-20.el7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.9.8-3.el6", "packageName": "python27-python-setuptools", "packageFilename": "python27-python-setuptools-0.9.8-3.el6.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "packageName": "python27-python-tools", "packageFilename": "python27-python-tools-2.7.8-3.el7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "packageName": "python27-python-devel", "packageFilename": "python27-python-devel-2.7.8-3.el7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.9.8-5.el7", "packageName": "python27-python-setuptools", "packageFilename": "python27-python-setuptools-0.9.8-5.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "1.5.6-5.el6", "packageName": "python27-python-pip", "packageFilename": "python27-python-pip-1.5.6-5.el6.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "packageName": "python27-python-debug", "packageFilename": "python27-python-debug-2.7.8-3.el6.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "packageName": "python27-python-libs", "packageFilename": "python27-python-libs-2.7.8-3.el7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.2.0-3.el7", "packageName": "python27-python-simplejson", "packageFilename": "python27-python-simplejson-3.2.0-3.el7.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "1.5.6-5.el7", "packageName": "python27-python-pip", "packageFilename": "python27-python-pip-1.5.6-5.el7.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.24.0-2.el7", "packageName": "python27-python-wheel", "packageFilename": "python27-python-wheel-0.24.0-2.el7.noarch.rpm", "arch": "noarch", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.24.0-2.el6", "packageName": "python27-python-wheel", "packageFilename": "python27-python-wheel-0.24.0-2.el6.noarch.rpm", "arch": "noarch", "operator": "lt"}], "description": "python27\n[1.1-17]\n- Require python-pip and python-wheel (note: in rh-python34\n this is not necessary, because 'python' depends on these).\npython27-python\n[2.7.8-3]\n- Add httplib fix for CVE-2013-1752\nResolves: rhbz#1187779\n[2.7.8-2]\n- Fix %check\nunset DISPLAY\n setion not failing properly on failed test\n- Fixed CVE-2013-1752, CVE-2013-1753\nResolves: rhbz#1187779\n[2.7.8-1]\n- Update to 2.7.8.\nResolves: rhbz#1167912\n- Make python-devel depend on scl-utils-build.\nResolves: rhbz#1170993\npython27-python-pip\n - New Package added\npython27-python-setuptools\n[0.9.8-3]\n- Enhance patch restoring proxy support in SSL connections\nResolves: rhbz#1222507\npython27-python-simplejson\n[3.2.0-2]\n- Fix CVE-2014-461, add boundary checks\nResolves: rhbz#1222534\npython27-python-wheel\n - New Package added ", "edition": 1, "reporter": "Oracle", "published": "2016-02-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "oraclelinux", "title": "python27 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1753", "CVE-2014-1912", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2016-02-04T00:00:00", "id": "ELSA-2015-1064", "href": "http://linux.oracle.com/errata/ELSA-2015-1064.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-06-16T00:38:08", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.2.0-2.el6", "arch": "x86_64", "packageName": "python27-python-simplejson-debuginfo", "packageFilename": "python27-python-simplejson-debuginfo-3.2.0-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "arch": "x86_64", "packageName": "python27-python-debuginfo", "packageFilename": "python27-python-debuginfo-2.7.8-3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "arch": "src", "packageName": "python27-python", "packageFilename": "python27-python-2.7.8-3.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.2.0-2.el6", "arch": "src", "packageName": "python27-python-simplejson", "packageFilename": "python27-python-simplejson-3.2.0-2.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.2.0-2.el6", "arch": "x86_64", "packageName": "python27-python-simplejson", "packageFilename": "python27-python-simplejson-3.2.0-2.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.9.8-3.el6", "arch": "noarch", "packageName": "python27-python-setuptools", "packageFilename": "python27-python-setuptools-0.9.8-3.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "arch": "x86_64", "packageName": "python27-python", "packageFilename": "python27-python-2.7.8-3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "arch": "x86_64", "packageName": "python27-python-libs", "packageFilename": "python27-python-libs-2.7.8-3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "arch": "x86_64", "packageName": "python27-tkinter", "packageFilename": "python27-tkinter-2.7.8-3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "arch": "x86_64", "packageName": "python27-python-tools", "packageFilename": "python27-python-tools-2.7.8-3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "arch": "x86_64", "packageName": "python27-python-debug", "packageFilename": "python27-python-debug-2.7.8-3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "arch": "x86_64", "packageName": "python27-python-devel", "packageFilename": "python27-python-devel-2.7.8-3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.7.8-3.el6", "arch": "x86_64", "packageName": "python27-python-test", "packageFilename": "python27-python-test-2.7.8-3.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.1-17.el6", "arch": "x86_64", "packageName": "python27", "packageFilename": "python27-1.1-17.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.1-17.el6", "arch": "x86_64", "packageName": "python27-runtime", "packageFilename": "python27-runtime-1.1-17.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.24.0-2.el6", "arch": "noarch", "packageName": "python27-python-wheel", "packageFilename": "python27-python-wheel-0.24.0-2.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.1-17.el6", "arch": "x86_64", "packageName": "python27-scldevel", "packageFilename": "python27-scldevel-1.1-17.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.6-5.el6", "arch": "noarch", "packageName": "python27-python-pip", "packageFilename": "python27-python-pip-1.5.6-5.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.1-17.el6", "arch": "src", "packageName": "python27", "packageFilename": "python27-1.1-17.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.5.6-5.el6", "arch": "src", "packageName": "python27-python-pip", "packageFilename": "python27-python-pip-1.5.6-5.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.9.8-3.el6", "arch": "src", "packageName": "python27-python-setuptools", "packageFilename": "python27-python-setuptools-0.9.8-3.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "0.24.0-2.el6", "arch": "src", "packageName": "python27-python-wheel", "packageFilename": "python27-python-wheel-0.24.0-2.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.2.0-3.el7", "arch": "x86_64", "packageName": "python27-python-simplejson-debuginfo", "packageFilename": "python27-python-simplejson-debuginfo-3.2.0-3.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "arch": "x86_64", "packageName": "python27-python-debuginfo", "packageFilename": "python27-python-debuginfo-2.7.8-3.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "arch": "src", "packageName": "python27-python", "packageFilename": "python27-python-2.7.8-3.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.2.0-3.el7", "arch": "src", "packageName": "python27-python-simplejson", "packageFilename": "python27-python-simplejson-3.2.0-3.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.5.6-5.el7", "arch": "noarch", "packageName": "python27-python-pip", "packageFilename": "python27-python-pip-1.5.6-5.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "arch": "x86_64", "packageName": "python27-python-debug", "packageFilename": "python27-python-debug-2.7.8-3.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "arch": "x86_64", "packageName": "python27-python-devel", "packageFilename": "python27-python-devel-2.7.8-3.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "arch": "x86_64", "packageName": "python27-python-libs", "packageFilename": "python27-python-libs-2.7.8-3.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.8-5.el7", "arch": "noarch", "packageName": "python27-python-setuptools", "packageFilename": "python27-python-setuptools-0.9.8-5.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "arch": "x86_64", "packageName": "python27-tkinter", "packageFilename": "python27-tkinter-2.7.8-3.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "arch": "x86_64", "packageName": "python27-python-tools", "packageFilename": "python27-python-tools-2.7.8-3.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.24.0-2.el7", "arch": "noarch", "packageName": "python27-python-wheel", "packageFilename": "python27-python-wheel-0.24.0-2.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "arch": "x86_64", "packageName": "python27-python-test", "packageFilename": "python27-python-test-2.7.8-3.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.1-20.el7", "arch": "x86_64", "packageName": "python27-runtime", "packageFilename": "python27-runtime-1.1-20.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.1-20.el7", "arch": "x86_64", "packageName": "python27", "packageFilename": "python27-1.1-20.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.8-3.el7", "arch": "x86_64", "packageName": "python27-python", "packageFilename": "python27-python-2.7.8-3.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.1-20.el7", "arch": "x86_64", "packageName": "python27-scldevel", "packageFilename": "python27-scldevel-1.1-20.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.2.0-3.el7", "arch": "x86_64", "packageName": "python27-python-simplejson", "packageFilename": "python27-python-simplejson-3.2.0-3.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.1-20.el7", "arch": "src", "packageName": "python27", "packageFilename": "python27-1.1-20.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.5.6-5.el7", "arch": "src", "packageName": "python27-python-pip", "packageFilename": "python27-python-pip-1.5.6-5.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.9.8-5.el7", "arch": "src", "packageName": "python27-python-setuptools", "packageFilename": "python27-python-setuptools-0.9.8-5.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "0.24.0-2.el7", "arch": "src", "packageName": "python27-python-wheel", "packageFilename": "python27-python-wheel-0.24.0-2.el7.src.rpm", "operator": "lt"}], "description": "Python is an interpreted, interactive, object-oriented programming language\nthat supports modules, classes, exceptions, high-level dynamic data types,\nand dynamic typing. The python27 collection provide a stable release of\nPython 2.7 with a number of additional utilities and database connectors\nfor MySQL and PostgreSQL.\n\nThe python27-python packages have been upgraded to upstream version 2.7.8,\nwhich provides numerous bug fixes over the previous version. (BZ#1167912)\n\nThe following security issues were fixed in the python27-python component:\n\nIt was discovered that the socket.recvfrom_into() function failed to check\nthe size of the supplied buffer. This could lead to a buffer overflow when\nthe function was called with an insufficiently sized buffer.\n(CVE-2014-1912)\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nThe following security issue was fixed in the python27-python and\npython27-python-simplejson components:\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nIn addition, this update adds the following enhancement:\n\n* The python27 Software Collection now includes the python-wheel and\npython-pip modules. (BZ#994189, BZ#1167902)\n\nAll python27 users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. All running python27\ninstances must be restarted for this update to take effect.\n", "reporter": "RedHat", "published": "2015-06-04T04:00:00", "type": "redhat", "title": "(RHSA-2015:1064) Moderate: python27 security, bug fix, and enhancement update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-1912", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-13T01:28:19", "id": "RHSA-2015:1064", "href": "https://access.redhat.com/errata/RHSA-2015:1064", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-15T14:24:32", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "aarch64", "packageFilename": "python-2.7.5-34.el7.aarch64.rpm", "packageName": "python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64", "packageFilename": "python-2.7.5-34.el7.ppc64.rpm", "packageName": "python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64le", "packageFilename": "python-2.7.5-34.el7.ppc64le.rpm", "packageName": "python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "s390x", "packageFilename": "python-2.7.5-34.el7.s390x.rpm", "packageName": "python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "src", "packageFilename": "python-2.7.5-34.el7.src.rpm", "packageName": "python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "x86_64", "packageFilename": "python-2.7.5-34.el7.x86_64.rpm", "packageName": "python", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "aarch64", "packageFilename": "python-debug-2.7.5-34.el7.aarch64.rpm", "packageName": "python-debug", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64", "packageFilename": "python-debug-2.7.5-34.el7.ppc64.rpm", "packageName": "python-debug", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64le", "packageFilename": "python-debug-2.7.5-34.el7.ppc64le.rpm", "packageName": "python-debug", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "s390x", "packageFilename": "python-debug-2.7.5-34.el7.s390x.rpm", "packageName": "python-debug", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "x86_64", "packageFilename": "python-debug-2.7.5-34.el7.x86_64.rpm", "packageName": "python-debug", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "aarch64", "packageFilename": "python-debuginfo-2.7.5-34.el7.aarch64.rpm", "packageName": "python-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "i686", "packageFilename": "python-debuginfo-2.7.5-34.el7.i686.rpm", "packageName": "python-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc", "packageFilename": "python-debuginfo-2.7.5-34.el7.ppc.rpm", "packageName": "python-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64", "packageFilename": "python-debuginfo-2.7.5-34.el7.ppc64.rpm", "packageName": "python-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64le", "packageFilename": "python-debuginfo-2.7.5-34.el7.ppc64le.rpm", "packageName": "python-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "s390", "packageFilename": "python-debuginfo-2.7.5-34.el7.s390.rpm", "packageName": "python-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "s390x", "packageFilename": "python-debuginfo-2.7.5-34.el7.s390x.rpm", "packageName": "python-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "x86_64", "packageFilename": "python-debuginfo-2.7.5-34.el7.x86_64.rpm", "packageName": "python-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "aarch64", "packageFilename": "python-devel-2.7.5-34.el7.aarch64.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64", "packageFilename": "python-devel-2.7.5-34.el7.ppc64.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64le", "packageFilename": "python-devel-2.7.5-34.el7.ppc64le.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "s390x", "packageFilename": "python-devel-2.7.5-34.el7.s390x.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "x86_64", "packageFilename": "python-devel-2.7.5-34.el7.x86_64.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "aarch64", "packageFilename": "python-libs-2.7.5-34.el7.aarch64.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "i686", "packageFilename": "python-libs-2.7.5-34.el7.i686.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc", "packageFilename": "python-libs-2.7.5-34.el7.ppc.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64", "packageFilename": "python-libs-2.7.5-34.el7.ppc64.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64le", "packageFilename": "python-libs-2.7.5-34.el7.ppc64le.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "s390", "packageFilename": "python-libs-2.7.5-34.el7.s390.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "s390x", "packageFilename": "python-libs-2.7.5-34.el7.s390x.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "x86_64", "packageFilename": "python-libs-2.7.5-34.el7.x86_64.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "aarch64", "packageFilename": "python-test-2.7.5-34.el7.aarch64.rpm", "packageName": "python-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64", "packageFilename": "python-test-2.7.5-34.el7.ppc64.rpm", "packageName": "python-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64le", "packageFilename": "python-test-2.7.5-34.el7.ppc64le.rpm", "packageName": "python-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "s390x", "packageFilename": "python-test-2.7.5-34.el7.s390x.rpm", "packageName": "python-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "x86_64", "packageFilename": "python-test-2.7.5-34.el7.x86_64.rpm", "packageName": "python-test", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "aarch64", "packageFilename": "python-tools-2.7.5-34.el7.aarch64.rpm", "packageName": "python-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64", "packageFilename": "python-tools-2.7.5-34.el7.ppc64.rpm", "packageName": "python-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64le", "packageFilename": "python-tools-2.7.5-34.el7.ppc64le.rpm", "packageName": "python-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "s390x", "packageFilename": "python-tools-2.7.5-34.el7.s390x.rpm", "packageName": "python-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "x86_64", "packageFilename": "python-tools-2.7.5-34.el7.x86_64.rpm", "packageName": "python-tools", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "aarch64", "packageFilename": "tkinter-2.7.5-34.el7.aarch64.rpm", "packageName": "tkinter", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64", "packageFilename": "tkinter-2.7.5-34.el7.ppc64.rpm", "packageName": "tkinter", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "ppc64le", "packageFilename": "tkinter-2.7.5-34.el7.ppc64le.rpm", "packageName": "tkinter", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "s390x", "packageFilename": "tkinter-2.7.5-34.el7.s390x.rpm", "packageName": "tkinter", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "arch": "x86_64", "packageFilename": "tkinter-2.7.5-34.el7.x86_64.rpm", "packageName": "tkinter", "operator": "lt"}], "description": "Python is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib)\ndid not perform verification of TLS/SSL certificates when connecting to\nHTTPS servers. A man-in-the-middle attacker could use this flaw to hijack\nconnections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable\ncertificate verification by default. However, for backwards compatibility,\nverification remains disabled by default. Future updates may change this\ndefault. Refer to the Knowledgebase article 2039753 linked to in the\nReferences section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs:\n\n* Subprocesses used with the Eventlet library or regular threads previously\ntried to close epoll file descriptors twice, which led to an \"Invalid\nargument\" error. Subprocesses have been fixed to close the file descriptors\nonly once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer\nproduces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the \"-s\"\noption supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts \"None\" as a keyfile argument.\n(BZ#1250611)\n\nIn addition, this update adds the following enhancements:\n\n* Security enhancements as described in PEP 466 have been backported to the\nPython standard library, for example, new features of the ssl module:\nServer Name Indication (SNI) support, support for new TLSv1.x protocols,\nnew hash algorithms in the hashlib module, and many more. (BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl\nlibrary. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information\nabout the version of the SSL protocol used in a connection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", "reporter": "RedHat", "published": "2015-11-19T18:41:01", "title": "(RHSA-2015:2101) Moderate: python security, bug fix, and enhancement update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "redhat", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185", "CVE-2014-9365"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:32:44", "id": "RHSA-2015:2101", "href": "https://access.redhat.com/errata/RHSA-2015:2101", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:25:31", "references": ["https://rhn.redhat.com/errata/RHSA-2015-2101.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "packageFilename": "python-test-2.7.5-34.el7.x86_64.rpm", "packageName": "python-test", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "packageFilename": "python-tools-2.7.5-34.el7.x86_64.rpm", "packageName": "python-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "packageFilename": "tkinter-2.7.5-34.el7.x86_64.rpm", "packageName": "tkinter", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "packageFilename": "python-libs-2.7.5-34.el7.x86_64.rpm", "packageName": "python-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "packageFilename": "python-libs-2.7.5-34.el7.i686.rpm", "packageName": "python-libs", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "packageFilename": "python-2.7.5-34.el7.x86_64.rpm", "packageName": "python", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "packageFilename": "python-debug-2.7.5-34.el7.x86_64.rpm", "packageName": "python-debug", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-34.el7", "packageFilename": "python-devel-2.7.5-34.el7.x86_64.rpm", "packageName": "python-devel", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:2101\n\n\nPython is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib)\ndid not perform verification of TLS/SSL certificates when connecting to\nHTTPS servers. A man-in-the-middle attacker could use this flaw to hijack\nconnections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable\ncertificate verification by default. However, for backwards compatibility,\nverification remains disabled by default. Future updates may change this\ndefault. Refer to the Knowledgebase article 2039753 linked to in the\nReferences section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs:\n\n* Subprocesses used with the Eventlet library or regular threads previously\ntried to close epoll file descriptors twice, which led to an \"Invalid\nargument\" error. Subprocesses have been fixed to close the file descriptors\nonly once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer\nproduces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the \"-s\"\noption supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts \"None\" as a keyfile argument.\n(BZ#1250611)\n\nIn addition, this update adds the following enhancements:\n\n* Security enhancements as described in PEP 466 have been backported to the\nPython standard library, for example, new features of the ssl module:\nServer Name Indication (SNI) support, support for new TLSv1.x protocols,\nnew hash algorithms in the hashlib module, and many more. (BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl\nlibrary. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information\nabout the version of the SSL protocol used in a connection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/002560.html\n\n**Affected packages:**\npython\npython-debug\npython-devel\npython-libs\npython-test\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2101.html", "edition": 1, "reporter": "CentOS Project", "published": "2015-11-30T19:48:49", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "python, tkinter security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650", "CVE-2014-9365"], "modified": "2015-11-30T19:48:49", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-November/002560.html", "id": "CESA-2015:2101", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:48", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1752", "https://bugs.gentoo.org/show_bug.cgi?id=505068", "https://bugs.gentoo.org/show_bug.cgi?id=495224", "https://bugs.gentoo.org/show_bug.cgi?id=500518", "https://bugs.gentoo.org/show_bug.cgi?id=514686", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1912", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2667", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7338", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4616", "https://bugs.gentoo.org/show_bug.cgi?id=523792", "https://bugs.gentoo.org/show_bug.cgi?id=532232", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9365", "https://bugs.gentoo.org/show_bug.cgi?id=506084", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7185"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.3.5-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-lang/python", "operator": "lt"}], "edition": 1, "description": "### Background\n\nPython is an interpreted, interactive, object-oriented programming language. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker may be able to execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Python 3.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-3.3.5-r1\"\n \n\nAll Python 2.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-2.7.9-r1\"", "reporter": "Gentoo Foundation", "published": "2015-03-18T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Python: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1912", "CVE-2014-2667", "CVE-2013-7338", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-9365"], "modified": "2015-06-17T00:00:00", "id": "GLSA-201503-10", "href": "https://security.gentoo.org/glsa/201503-10", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}}
