The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1806-1 advisory.
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for httplib2.Http.request()
could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.
(CVE-2020-11078)
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of \xa0 characters in the www-authenticate header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library. (CVE-2021-21240)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2021:1806-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(151722);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/08");
script_cve_id("CVE-2020-11078", "CVE-2021-21240");
script_name(english:"openSUSE 15 Security Update : python-httplib2 (openSUSE-SU-2021:1806-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in
the openSUSE-SU-2021:1806-1 advisory.
- In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for
`httplib2.Http.request()` could change request headers and body, send additional hidden requests to same
server. This vulnerability impacts software that uses httplib2 with uri constructed by string
concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.
(CVE-2020-11078)
- httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious
server which responds with long series of \xa0 characters in the www-authenticate header may cause
Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is
fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing
library. (CVE-2021-21240)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1171998");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1182053");
# https://lists.opensuse.org/archives/list/[email protected]/thread/DTGWJY2VML3YAAFAOOYJAQP5SZ4X6XWG/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?802ab0db");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-11078");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-21240");
script_set_attribute(attribute:"solution", value:
"Update the affected python2-httplib2 and / or python3-httplib2 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11078");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/20");
script_set_attribute(attribute:"patch_publication_date", value:"2021/07/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python2-httplib2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-httplib2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.3");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item('Host/SuSE/release');
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (release !~ "^(SUSE15\.3)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);
pkgs = [
{'reference':'python2-httplib2-0.19.0-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-httplib2-0.19.0-3.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
cpu = NULL;
rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && release) {
if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python2-httplib2 / python3-httplib2');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | python2-httplib2 | p-cpe:/a:novell:opensuse:python2-httplib2 |
novell | opensuse | python3-httplib2 | p-cpe:/a:novell:opensuse:python3-httplib2 |
novell | opensuse | 15.3 | cpe:/o:novell:opensuse:15.3 |