Lucene search
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2015-075.NASLHistoryMar 30, 2015 - 12:00 a.m.
Mandriva Linux Security Advisory : python (MDVSA-2015:075)
2015-03-3000:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
26
Updated python packages fix security vulnerabilities :
A vulnerability was reported in Pythonβs socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code (CVE-2014-1912).
This updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbound readline() calls in the ftplib and nntplib modules (CVE-2013-1752).
Denial of service flaws due to unbound readline() calls in the imaplib, poplib, and smtplib modules (CVE-2013-1752).
A gzip bomb and unbound read denial of service flaw in python XMLRPC library (CVE-2013-1753).
Python are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616).
The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI scriptβs source code or execute arbitrary scripts in the serverβs document root (CVE-2014-4650).
Python before 2.7.8 is vulnerable to an integer overflow in the buffer type (CVE-2014-7185).
When Pythonβs standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host. It was possible to configure a trust root to be checked against, however there were no faculties for hostname checking (CVE-2014-9365).
The python-pip and tix packages was added due to missing build dependencies.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2015:075.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(82328);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2013-1752", "CVE-2013-1753", "CVE-2014-1912", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185", "CVE-2014-9365");
script_xref(name:"MDVSA", value:"2015:075");
script_name(english:"Mandriva Linux Security Advisory : python (MDVSA-2015:075)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandriva Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated python packages fix security vulnerabilities :
A vulnerability was reported in Python's socket module, due to a
boundary error within the sock_recvfrom_into() function, which could
be exploited to cause a buffer overflow. This could be used to crash a
Python application that uses the socket.recvfrom_info() function or,
possibly, execute arbitrary code with the permissions of the user
running vulnerable Python code (CVE-2014-1912).
This updates the python package to version 2.7.6, which fixes several
other bugs, including denial of service flaws due to unbound
readline() calls in the ftplib and nntplib modules (CVE-2013-1752).
Denial of service flaws due to unbound readline() calls in the
imaplib, poplib, and smtplib modules (CVE-2013-1752).
A gzip bomb and unbound read denial of service flaw in python XMLRPC
library (CVE-2013-1753).
Python are susceptible to arbitrary process memory reading by a user
or adversary due to a bug in the _json module caused by insufficient
bounds checking. The bug is caused by allowing the user to supply a
negative value that is used an an array index, causing the scanstring
function to access process memory outside of the string it is intended
to access (CVE-2014-4616).
The CGIHTTPServer Python module does not properly handle URL-encoded
path separators in URLs. This may enable attackers to disclose a CGI
script's source code or execute arbitrary scripts in the server's
document root (CVE-2014-4650).
Python before 2.7.8 is vulnerable to an integer overflow in the buffer
type (CVE-2014-7185).
When Python's standard library HTTP clients (httplib, urllib, urllib2,
xmlrpclib) are used to access resources with HTTPS, by default the
certificate is not checked against any trust store, nor is the
hostname in the certificate checked against the requested host. It was
possible to configure a trust root to be checked against, however
there were no faculties for hostname checking (CVE-2014-9365).
The python-pip and tix packages was added due to missing build
dependencies."
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2014-0085.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2014-0139.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2014-0285.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://advisories.mageia.org/MGASA-2014-0399.html"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python2.7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-pip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python3-pip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tix");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tix-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter-apps");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");
script_set_attribute(attribute:"patch_publication_date", value:"2015/03/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64python-devel-2.7.9-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64python2.7-2.7.9-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"python-2.7.9-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", reference:"python-docs-2.7.9-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", reference:"python-pip-1.4.1-4.2.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", reference:"python3-pip-1.4.1-4.2.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"tix-8.4.3-9.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"tix-devel-8.4.3-9.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"tkinter-2.7.9-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"tkinter-apps-2.7.9-1.mbs2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | lib64python-devel | p-cpe:/a:mandriva:linux:lib64python-devel |
| mandriva | linux | lib64python2.7 | p-cpe:/a:mandriva:linux:lib64python2.7 |
| mandriva | linux | python | p-cpe:/a:mandriva:linux:python |
| mandriva | linux | python-docs | p-cpe:/a:mandriva:linux:python-docs |
| mandriva | linux | python-pip | p-cpe:/a:mandriva:linux:python-pip |
| mandriva | linux | python3-pip | p-cpe:/a:mandriva:linux:python3-pip |
| mandriva | linux | tix | p-cpe:/a:mandriva:linux:tix |
| mandriva | linux | tix-devel | p-cpe:/a:mandriva:linux:tix-devel |
| mandriva | linux | tkinter | p-cpe:/a:mandriva:linux:tkinter |
| mandriva | linux | tkinter-apps | p-cpe:/a:mandriva:linux:tkinter-apps |
References
advisories.mageia.org/MGASA-2014-0085.html
advisories.mageia.org/MGASA-2014-0139.html
advisories.mageia.org/MGASA-2014-0285.html
advisories.mageia.org/MGASA-2014-0399.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1753
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4616
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9365
Related
redhat
redhat
(RHSA-2015:2101) Moderate: python security, bug fix, and enhancement update
2015-11-19 13:41:01
(RHSA-2015:1330) Moderate: python security, bug fix, and enhancement update
2015-07-22 00:00:00
nessus
nessus
Oracle Linux 7 : python (ELSA-2015-2101)
2015-11-24 00:00:00
RHEL 7 : python (RHSA-2015:2101)
2015-11-20 00:00:00
Oracle Linux 6 / 7 : python27 (ELSA-2015-1064)
2023-09-07 00:00:00
centos
centos
python, tkinter security update
2015-11-30 19:48:49
python, tkinter security update
2015-07-26 14:11:19
python, tkinter security update
2017-08-24 01:40:45
veracode
veracode
Improper Input Validation
2019-05-02 05:39:24
Sensitive Information Leakage
2019-05-02 05:39:25
Improper Input Validation
2019-05-02 05:39:24
openvas
openvas
RedHat Update for python RHSA-2015:2101-01
2015-11-20 00:00:00
Oracle: Security Advisory (ELSA-2015-1064)
2016-02-05 00:00:00
Oracle: Security Advisory (ELSA-2015-2101)
2015-11-24 00:00:00
oraclelinux
oraclelinux
python27 security, bug fix, and enhancement update
2016-02-04 00:00:00
python security, bug fix, and enhancement update
2015-11-23 00:00:00
python security, bug fix, and enhancement update
2015-07-28 00:00:00
ibm
ibm
ubuntu
ubuntu
Python vulnerabilities
2015-06-25 00:00:00
Python vulnerability
2014-03-03 00:00:00
archlinux
archlinux
python2: multiple issues
2014-12-15 00:00:00
python2: Information leakage through integer overflow
2014-09-26 00:00:00
gentoo
gentoo
Python: Multiple vulnerabilities
2015-03-18 00:00:00
amazon
amazon
Medium: python27
2015-06-22 10:31:00
Medium: python26
2015-12-14 10:00:00
Medium: python27
2014-11-05 12:15:00
securityvulns
securityvulns
python security vulnerabilities
2014-07-14 00:00:00
[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution
2014-10-15 00:00:00
[ MDVSA-2014:197 ] python
2014-10-27 00:00:00
mageia
mageia
Updated python & python3 packages fix two vulnerabilities
2014-07-09 02:35:18
Updated python & python3 packages fix multiple vulnerabilities
2014-02-20 01:24:08
Updated python package fixes security vulnerabilities
2014-03-24 11:37:41
fedora
fedora
[SECURITY] Fedora 21 Update: python3-3.4.1-16.fc21
2014-11-10 06:36:31
[SECURITY] Fedora 20 Update: python3-3.3.2-18.fc20
2014-11-09 15:45:22
[SECURITY] Fedora 20 Update: python-2.7.5-16.fc20
2015-04-22 22:41:55
f5
f5
Python vulnerability CVE-2014-9365
2018-08-29 21:42:00
K78825687 : Python and Jython vulnerability CVE-2014-7185
2017-07-21 00:00:00
prion
prion
Design/Logic Flaw
2014-12-12 11:59:00
Directory traversal
2020-02-20 17:15:00
Buffer overflow
2014-03-01 00:55:00
debiancve
debiancve
cve
cve
ubuntucve
ubuntucve
github
github
simplejson before 2.6.1 vulnerable to array index error
2022-05-14 02:05:09
hackerone
hackerone
Internet Bug Bounty: Python vulnerability: reading arbitrary process memory
2014-05-16 23:14:13
osv
osv
CVE-2014-4616
2017-08-24 20:29:00
JSONDecoder.raw_decode
2017-08-24 20:00:00
simplejson before 2.6.1 vulnerable to array index error
2022-05-14 02:05:09
alpinelinux
alpinelinux
CVE-2014-4616
2017-08-24 20:29:00
exploitpack
exploitpack
Python CGIHTTPServer - Encoded Directory Traversal
2014-06-27 00:00:00
Python - socket.recvfrom_into() Remote Buffer Overflow
2014-02-24 00:00:00
packetstorm
packetstorm
Python CGIHTTPServer File Disclosure / Code Execution
2014-06-27 00:00:00
zdt
zdt
Python socket.recvfrom_into() remote buffer overflow exploit
2014-02-23 00:00:00
seebug
seebug
Python "sock_recvfrom_into()" ηΌε²εΊζΊ’εΊζΌζ΄
2014-02-25 00:00:00
Python socket.recvfrom_into() - Remote Buffer Overflow
2014-07-01 00:00:00
Related for MANDRIVA_MDVSA-2015-075.NASL