Vulners
Lucene search
MiracleLinux 4 : python-2.6.6-52.0.1.AXS4 (AXSA:2014-069:01)
| Reporter | Title | Published | Views | Family All 520 |
|---|---|---|---|---|
 | Mozilla Firefox < 3.0.13/3.5.0 Multiple Vulnerabilities | 3 Aug 200900:00 | – | nessus |
| SeaMonkey < 1.1.18 Multiple Vulnerabilities | 3 Sep 200900:00 | – | nessus |
| Mac OS X 10.6 < 10.6.2 Multiple Vulnerabilities | 10 Nov 200900:00 | – | nessus |
| Mozilla Thunderbird < 2.0.0.23 Multiple Vulnerabilities | 4 Mar 201000:00 | – | nessus |
| Firefox < 3.0.13/3.5.0 Multiple Vulnerabilities | 3 Aug 200900:00 | – | nessus |
| Mac OS X 10.6 < 10.6.2 Multiple Vulnerabilities | 10 Nov 200900:00 | – | nessus |
| Mozilla SeaMonkey < 1.1.18 Multiple Vulnerabilities | 3 Sep 200900:00 | – | nessus |
| Mozilla Thunderbird < 2.0.0.23 Certificate Authority (CA) Common Null Byte Handling SSL MiTM Weakness | 4 Mar 201000:00 | – | nessus |
| AIX 6.1 TL 4 : sendmail (IZ70637) | 24 Jan 201300:00 | – | nessus |
| AIX 6.1 TL 3 : sendmail (IZ72510) | 24 Jan 201300:00 | – | nessus |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2014-069:01.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(289781);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");
script_cve_id("CVE-2013-4238");
script_name(english:"MiracleLinux 4 : python-2.6.6-52.0.1.AXS4 (AXSA:2014-069:01)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the
AXSA:2014-069:01 advisory.
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl,
Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and
dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various
windowing systems (X11, Motif, Tk, Mac and MFC).
Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension
language for applications that need a programmable interface. This package contains most of the standard
Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM.
Note that documentation for Python is provided in the python-docs package.
Security issues fixed with this release:
CVE-2013-4238
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a
'\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which
allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a
legitimate Certification Authority, a related issue to CVE-2009-2408.
Fixed bug:
Fixed some dependencies problems on x86_64.
Previously, many Python executables from python-tools started with the #!/usr/bin/env python shebang,
which made installing and using alternative Python versions complicated. This has been fixed and the
shebang has been changed to #!/usr/bin/python.
Previously, an insert statement in the Turkish locale was not accepted in the sqlite3.Cursor.lastrowid
object which led to an installation failure when selecting Turkish in the graphical installer. This has
been fixed.
Removed a UTF-8 BOM (byte order mark) insertion code from SysLogHandler that caused messages to be
treated as EMERG level and therefore to be displayed on all user consoles.
Previously, if the /dev/urandom file did not exist, the random.py script failed to import the random
module and other programs would crash. This has been fixed.
Previously, rotating to a new log file failed because the WatchedFileHandler class could not handle a
race condition. This has been fixed.
Fixed the handling of Alternative Subject Names so that false authentication errors no longer occur when
reading Alternative Subject Names from certain SSL certificates.
Previously, some HTTP servers would crash because the SocketServer module did not handle the system call
interruption properly. This has been fixed.
Previously, the Eventlet library would crash when passing the timeout=None argument to the
subprocess.Popen() function. This has been fixed.
Previously, failed incoming SSL connections remained open forever on Python 2 versions. This has been
fixed.
Previously, if multiple libexpat.so libraries were available, Python failed to choose the correct one.
This has been fixed. by adding an explicit RPATH to the _elementtree.so.
Fixed the urlparse module parsing of the query and fragment parts of URLs for arbitrary XML schemes.
Enhancement
Added the collections.OrderedDict data structure to the collections package: it is used in application
code to make sure that the in-memory python dictionaries are emitted in the same order when converted to a
string by the json.dumps routines.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/4503");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4238");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_severity", value:"High");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/12");
script_set_attribute(attribute:"patch_publication_date", value:"2014/03/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:python-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:python-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:tkinter");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);
if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
var constraints = [
{
'release': '4',
'pkgs': [
{'reference':'python-2.6.6-52.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'python-2.6.6-52.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'python-devel-2.6.6-52.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'python-devel-2.6.6-52.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'python-libs-2.6.6-52.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'python-libs-2.6.6-52.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'tkinter-2.6.6-52.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'tkinter-2.6.6-52.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python / python-devel / python-libs / tkinter');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Jan 2026 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 3.15.9
CVSS 26.8
EPSS0.01855