MiracleLinux 3 : python-2.4.3-43.0.1.AXS3 (AXSA:2011-10:01)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2011-10:01.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(284342);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/14");

  script_cve_id(
    "CVE-2008-5983",
    "CVE-2009-4134",
    "CVE-2010-1449",
    "CVE-2010-1450",
    "CVE-2010-1634",
    "CVE-2010-2089"
  );

  script_name(english:"MiracleLinux 3 : python-2.4.3-43.0.1.AXS3 (AXSA:2011-10:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2011-10:01 advisory.

    Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl,
    Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and
    dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various
    windowing systems (X11, Motif, Tk, Mac and MFC).
    Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension
    language for applications that need a programmable interface. This package contains most of the standard
    Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM.
    Note that documentation for Python is provided in the python-docs package.
    Security issues fixed with this release:
    CVE-2008-5983
    Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and
    possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a
    path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in
    the current working directory.
    CVE-2009-4134
    Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service
    (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an
    invalid pointer dereference.
    CVE-2010-1449
    Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an
    unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists
    because of an incomplete fix for CVE-2008-3143.12.
    CVE-2010-1450
    Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to
    have an unspecified impact via an image file containing crafted data that triggers improper processing
    within the (1) longimagedata or (2) expandrow function.
    CVE-2010-1634
    Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow
    context-dependent attackers to cause a denial of service (application crash) via a large fragment, as
    demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer
    overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.
    CVE-2010-2089
    The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte
    string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption
    and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte
    string, a different vulnerability than CVE-2010-1634.
    Fixed bugs:
    * When starting a child process from the subprocess module in Python 2.4, the parent process could leak
    file descriptors if an error occurred. This update resolves the issue.
    * Prior to Python 2.7, programs that used 'ulimit -n' to enable communication with large numbers of
    subprocesses could still monitor only 1024 file descriptors at a time, which caused an exception:
    ValueError: filedescriptor out of range in select()
    This was due to the subprocess module using the 'select' system call. The module now uses the 'poll'
    system call, removing this limitation.
    * Prior to Python 2.5, the tarfile module failed to unpack tar files if the path was longer than 100
    characters. This update backports the tarfile module from Python 2.5 and the issue no longer occurs.
    * The email module incorrectly implemented the logic for obtaining attachment file names: the
    get_filename() fallback for using the deprecated 'name' parameter of the 'Content-Type' header erroneously
    used the 'Content-Disposition' header. This update backports a fix from Python 2.6, which resolves this
    issue.
    * Prior to version 2.5, Python's optimized memory allocator never released memory back to the system. The
    memory usage of a long-running Python process would resemble a 'high-water mark'. This update backports a
    fix from Python 2.5a1, which frees unused arenas, and adds a non-standard sys._debugmallocstats()
    function, which prints diagnostic information to stderr. Finally, when running under Valgrind, the
    optimized allocator is deactivated, to allow more convenient debugging of Python memory usage issues.
    * The urllib and urllib2 modules ignored the no_proxy variable, which could lead to programs such as 'yum'
    erroneously accessing a proxy server for URLs covered by a 'no_proxy' exclusion. This has been fixed by
    backporting fixes of urllib and urllib2, which respect the 'no_proxy' variable.
    Enhancements:
    * This update introduces a new python-libs package, subsuming the majority of the content of the core
    python package. This makes both 32-bit and 64-bit Python libraries available on PowerPC systems.
    * The python-libs.i386 package is now available for 64-bit Itanium with the 32-bit Itanium compatibility
    mode.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/1689");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-1450");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2010-1634");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/01/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:python-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:python-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:python-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tkinter");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'python-2.4.3-43.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'python-devel-2.4.3-43.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'python-libs-2.4.3-43.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'python-tools-2.4.3-43.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'tkinter-2.4.3-43.0.1.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python / python-devel / python-libs / python-tools / tkinter');
}