Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2013-1582.NASL
HistoryNov 21, 2013 - 12:00 a.m.

RHEL 6 : python (RHSA-2013:1582)

2013-11-2100:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Python is an interpreted, interactive, object-oriented programming language.

A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238)

These updated python packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes.

All users of python are advised to upgrade to these updated packages, which fix these issues and add this enhancement.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2013:1582. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(71006);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2013-4238");
  script_bugtraq_id(61738);
  script_xref(name:"RHSA", value:"2013:1582");

  script_name(english:"RHEL 6 : python (RHSA-2013:1582)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated python packages that fix one security issue, several bugs, and
add one enhancement are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

Python is an interpreted, interactive, object-oriented programming
language.

A flaw was found in the way the Python SSL module handled X.509
certificate fields that contain a NULL byte. An attacker could
potentially exploit this flaw to conduct man-in-the-middle attacks to
spoof SSL servers. Note that to exploit this issue, an attacker would
need to obtain a carefully crafted certificate signed by an authority
that the client trusts. (CVE-2013-4238)

These updated python packages include numerous bug fixes and one
enhancement. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5
Technical Notes, linked to in the References, for information on the
most significant of these changes.

All users of python are advised to upgrade to these updated packages,
which fix these issues and add this enhancement."
  );
  # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c6b506c4"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2013:1582"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2013-4238"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tkinter");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2013:1582";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-debuginfo-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-debuginfo-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-debuginfo-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-devel-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-devel-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-devel-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-libs-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-libs-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-libs-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-test-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-test-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-test-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-tools-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-tools-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-tools-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"tkinter-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"tkinter-2.6.6-51.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"tkinter-2.6.6-51.el6")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-debuginfo / python-devel / python-libs / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxpythonp-cpe:/a:redhat:enterprise_linux:python
redhatenterprise_linuxpython-debuginfop-cpe:/a:redhat:enterprise_linux:python-debuginfo
redhatenterprise_linuxpython-develp-cpe:/a:redhat:enterprise_linux:python-devel
redhatenterprise_linuxpython-libsp-cpe:/a:redhat:enterprise_linux:python-libs
redhatenterprise_linuxpython-testp-cpe:/a:redhat:enterprise_linux:python-test
redhatenterprise_linuxpython-toolsp-cpe:/a:redhat:enterprise_linux:python-tools
redhatenterprise_linuxtkinterp-cpe:/a:redhat:enterprise_linux:tkinter
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6

Related

nessus 32
oraclelinux 1
openvas 44
redhat 2
ubuntu 4
fedora 10
centos 1
securityvulns 2
f5 2
prion 2
seebug 1
mageia 2
osv 4
debian 2
cve 2
amazon 2
veracode 1
debiancve 1
ubuntucve 1
vmware 2
ibm 1
suse 1
nessus
nessus
Scientific Linux Security Update : python on SL6.x i386/x86_64 (20131121)
2013-12-04 00:00:00
Fedora 19 : python-2.7.5-4.fc19 (2013-15146)
2013-08-25 00:00:00
Mandriva Linux Security Advisory : python (MDVSA-2013:214)
2013-08-22 00:00:00
oraclelinux
oraclelinux
python security, bug fix, and enhancement update
2013-11-26 00:00:00
openvas
openvas
RedHat Update for python RHSA-2013:1582-02
2013-11-21 00:00:00
Fedora Update for python3 FEDORA-2013-21418
2013-11-26 00:00:00
Ubuntu Update for python2.6 USN-1982-1
2013-10-03 00:00:00
redhat
redhat
(RHSA-2013:1582) Moderate: python security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2013:1527) Important: rhev-hypervisor6 security and bug fix update
2013-11-21 00:00:00
ubuntu
ubuntu
Python 2.6 vulnerability
2013-10-01 00:00:00
Python 3.2 vulnerabilities
2013-10-01 00:00:00
Python 3.3 vulnerabilities
2013-10-01 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: python-2.7.5-4.fc19
2013-08-24 22:27:19
[SECURITY] Fedora 19 Update: python3-3.3.2-8.fc19
2013-11-26 04:01:31
[SECURITY] Fedora 19 Update: python3-3.3.2-6.fc19
2013-08-27 23:35:51
centos
centos
python, tkinter security update
2013-11-26 13:32:42
securityvulns
securityvulns
Python SSL certificate check bypass
2013-10-02 00:00:00
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
2014-12-11 00:00:00
f5
f5
K15638 : Python vulnerability CVE-2013-4238
2014-10-17 00:00:00
SOL15638 - Python vulnerability CVE-2013-4238
2014-09-29 00:00:00
prion
prion
Design/Logic Flaw
2013-08-18 02:52:00
Design/Logic Flaw
2013-08-27 03:34:00
seebug
seebug
Pythonๅคšไธชๅฎ‰ๅ…จๆผๆดž
2013-12-30 00:00:00
mageia
mageia
Updated python3, bzr and some python packages fix security vulnerabilties
2013-08-22 21:58:14
Updated python packages fix CVE-2013-4328 and pip
2013-08-17 12:43:24
osv
osv
python2.7 - security update
2014-03-17 00:00:00
python2.6 - regression update
2014-07-31 00:00:00
python2.6 - regression update
2014-07-31 00:00:00
debian
debian
[SECURITY] [DSA 2880-1] python2.7 security update
2014-03-17 18:07:37
[DLA 25-1] python2.6 security update
2014-07-31 21:07:32
cve
cve
CVE-2013-4328
2013-08-27 03:34:00
CVE-2013-4238
2013-08-18 02:52:00
amazon
amazon
Medium: python27
2013-09-04 13:31:00
Medium: python26
2013-11-03 12:09:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 08:51:35
debiancve
debiancve
CVE-2013-4238
2013-08-18 02:52:00
ubuntucve
ubuntucve
CVE-2013-4238
2013-08-17 00:00:00
vmware
vmware
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in python 2.6.4 used in OS Image for AIX shipped with IBM Cloud Pak System
2020-05-06 11:57:04
suse
suse
Security update for python3 (important)
2020-01-21 00:00:00
JSON
Related for REDHAT-RHSA-2013-1582.NASL
nessus32oraclelinux1openvas44redhat2ubuntu4fedora10centos1securityvulns2f52prion2seebug1mageia2osv4debian2cve2amazon2veracode1debiancve1ubuntucve1vmware2ibm1suse1