Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2021 Tenable Network Security, Inc.SUSE_PYTHON-4902.NASL
HistoryFeb 01, 2008 - 12:00 a.m.

SuSE 10 Security Update : Python (ZYPP Patch Number 4902)

2008-02-0100:00:00
This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.
www.tenable.com
14
JSON

Specially crafted images could trigger an integer overflow in the imageop module. (CVE-2007-4965)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(30146);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-4965");

  script_name(english:"SuSE 10 Security Update : Python (ZYPP Patch Number 4902)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Specially crafted images could trigger an integer overflow in the
imageop module. (CVE-2007-4965)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-4965.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4902.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLED10", sp:1, reference:"python-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLED10", sp:1, reference:"python-curses-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLED10", sp:1, reference:"python-devel-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLED10", sp:1, reference:"python-gdbm-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLED10", sp:1, reference:"python-tk-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLED10", sp:1, reference:"python-xml-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"python-32bit-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"python-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"python-curses-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"python-demo-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"python-devel-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"python-doc-2.4.2-18.10")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"python-doc-pdf-2.4.2-18.10")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"python-gdbm-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"python-idle-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"python-tk-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLES10", sp:1, reference:"python-xml-2.4.2-18.13")) flag++;
if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"python-32bit-2.4.2-18.13")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else exit(0, "The host is not affected.");
VendorProductVersionCPE
susesuse_linuxcpe:/o:suse:suse_linux

Related

fedora 1
nessus 28
gentoo 2
openvas 39
cve 3
veracode 1
prion 3
ubuntucve 6
ubuntu 1
redhat 5
centos 2
oraclelinux 2
vmware 4
osv 2
debian 2
fedora
fedora
[SECURITY] Fedora 7 Update: python-2.5-14.fc7
2007-10-29 19:03:15
nessus
nessus
openSUSE 10 Security Update : python (python-4900)
2008-02-01 00:00:00
GLSA-200711-07 : Python: User-assisted execution of arbitrary code
2007-11-08 00:00:00
Mandriva Linux Security Advisory : python (MDVSA-2008:013)
2009-04-23 00:00:00
gentoo
gentoo
Python: User-assisted execution of arbitrary code
2007-11-07 00:00:00
Python: Multiple integer overflows
2008-07-01 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200711-07 (python)
2008-09-24 00:00:00
Fedora Update for python FEDORA-2007-2663
2009-02-27 00:00:00
Gentoo Security Advisory GLSA 200711-07 (python)
2008-09-24 00:00:00
cve
cve
CVE-2007-4965
2007-09-18 22:17:00
CVE-2008-1679
2008-04-22 04:41:00
CVE-2008-4864
2008-11-01 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:35:07
prion
prion
Integer overflow
2007-09-18 22:17:00
Integer overflow
2008-04-22 04:41:00
Integer overflow
2008-11-01 00:00:00
ubuntucve
ubuntucve
CVE-2007-4965
2007-09-18 00:00:00
CVE-2008-1679
2008-04-22 00:00:00
CVE-2010-1450
2010-05-27 00:00:00
ubuntu
ubuntu
Python vulnerabilities
2008-03-11 00:00:00
redhat
redhat
(RHSA-2007:1076) Moderate: python security update
2007-12-10 00:00:00
(RHSA-2009:1176) Moderate: python security update
2009-07-27 00:00:00
(RHSA-2008:0525) Moderate: Red Hat Network Satellite Server Solaris client security update
2008-06-30 00:00:00
centos
centos
python, tkinter security update
2007-12-10 19:37:17
python, tkinter security update
2009-07-29 17:31:50
oraclelinux
oraclelinux
Moderate: python security update
2007-12-10 00:00:00
python security update
2009-07-27 00:00:00
vmware
vmware
Updated aacraid driver and Samba and Python service console updates
2008-02-04 00:00:00
Updated aacraid driver and Samba and Python service console updates
2008-02-04 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
2009-11-20 00:00:00
osv
osv
python2.4 - several vulnerabilities
2008-04-19 00:00:00
python2.5 - several vulnerabilities
2008-07-27 00:00:00
debian
debian
[SECURITY] [DSA 1620-1] New python2.5 packages fix several vulnerabilities
2008-07-27 13:13:22
[SECURITY] [DSA 1551-1] New python2.4 packages fix several vulnerabilities
2008-04-19 16:45:03
JSON
Related for SUSE_PYTHON-4902.NASL
fedora1nessus28gentoo2openvas39cve3veracode1prion3ubuntucve6ubuntu1redhat5centos2oraclelinux2vmware4osv2debian2