Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

TencentOS Server 3: python39 (TSSA-2022:0190)

🗓️ 16 Jun 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 4 Views

TencentOS Server 3 has vulnerabilities due to outdated Python 3.9 version needing updates.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to multiple Operator package issues
1 May 202521:38
ibm
IBM Security Bulletins		Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities
6 Jul 202318:48
ibm
IBM Security Bulletins		Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to elevated privileges due to [CVE-2022-42919]
26 Jan 202315:18
ibm
IBM Security Bulletins		Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues
28 Aug 202521:17
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX affect IBM Spectrum Protect Plus
10 Dec 202118:57
ibm
IBM Security Bulletins		Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921)
20 May 202213:02
ibm
IBM Security Bulletins		Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs
19 Oct 202115:38
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in Python, Tornado, and Urllib3 affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore
28 Jun 202120:41
ibm
IBM Security Bulletins		Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
29 Apr 202502:13
ibm
IBM Security Bulletins		Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
3 Dec 202118:52
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2022:0190.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(238822);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/05");

  script_cve_id(
    "CVE-2021-23336",
    "CVE-2021-29921",
    "CVE-2021-3426",
    "CVE-2022-42919"
  );

  script_name(english:"TencentOS Server 3: python39 (TSSA-2022:0190)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 3 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0190 advisory.

    Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:

      CVE-2022-42919:
      Python 3.9.x and 3.10.x through 3.10.8 on Linux allows local privilege escalation in a non-default
    configuration. The Python multiprocessing library, when used with the forkserver start method on Linux,
    allows pickles to be deserialized from any user in the same machine local network namespace, which in many
    system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this
    allows for local user privilege escalation to the user that any forkserver process is running as. Setting
    multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for
    multiprocessing is not the default start method. This issue is Linux specific because only Linux supports
    abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by
    default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8
    and 3.8.4, but users would need to make specific uncommon API calls in order to do that in CPython before
    3.9.

      CVE-2021-29921:
      In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP
    address string. This (in some situations) allows attackers to bypass access control that is based on IP
    addresses.

      CVE-2021-3426:
      There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince
    another local or adjacent user to start a pydoc server could access the server and use it to disclose
    sensitive information belonging to the other user that they would not normally be able to access. The
    highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9,
    Python versions before 3.9.3 and Python versions before 3.10.0a7.

      CVE-2021-23336:
      The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before
    3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and
    urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query
    parameters using a semicolon (;), they can cause a difference in the interpretation of the request between
    the proxy (running with default configuration) and the server. This can result in malicious requests being
    cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and
    therefore would not include it in a cache key of an unkeyed parameter.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20220190.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-29921");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/06/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:python39");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 3.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'python39-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-debug-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-debug-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-debuginfo-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-debuginfo-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-debugsource-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-debugsource-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-devel-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-devel-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-idle-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-idle-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-libs-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-libs-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-rpm-macros-3.9.7-1.module+el8.6.0+365+eb027028', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-test-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-test-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-tkinter-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python39-tkinter-3.9.7-1.module+el8.6.0+365+eb027028', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python39 / python39-debug / python39-debuginfo / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
05 Dec 2025 00:00Current
7.9High risk
Vulners AI Score7.9
CVSS 27.5
CVSS 3.17.8 - 9.8
EPSS0.02048
SSVC
tencentos servervulnerabilitiespython 3.9local privilege escalationipaddress librarypydoc server
4