Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1314-1.NASL
HistoryDec 20, 2011 - 12:00 a.m.

Ubuntu 10.04 LTS / 10.10 / 11.04 : python3.1, python3.2 vulnerabilities (USN-1314-1)

2011-12-2000:00:00
Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

Giampaolo Rodola discovered that the smtpd module in Python 3 did not properly handle certain error conditions. A remote attacker could exploit this to cause a denial of service via daemon outage. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-3493)

Niels Heinen discovered that the urllib module in Python 3 would process Location headers that specify a file:// URL. A remote attacker could use this to obtain sensitive information or cause a denial of service via resource consumption. (CVE-2011-1521).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1314-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(57345);
  script_version("1.8");
  script_cvs_date("Date: 2019/09/19 12:54:27");

  script_cve_id("CVE-2010-3493", "CVE-2011-1521");
  script_bugtraq_id(44533, 47024);
  script_xref(name:"USN", value:"1314-1");

  script_name(english:"Ubuntu 10.04 LTS / 10.10 / 11.04 : python3.1, python3.2 vulnerabilities (USN-1314-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Giampaolo Rodola discovered that the smtpd module in Python 3 did not
properly handle certain error conditions. A remote attacker could
exploit this to cause a denial of service via daemon outage. This
issue only affected Ubuntu 10.04 LTS. (CVE-2010-3493)

Niels Heinen discovered that the urllib module in Python 3 would
process Location headers that specify a file:// URL. A remote attacker
could use this to obtain sensitive information or cause a denial of
service via resource consumption. (CVE-2011-1521).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1314-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected python3.1-minimal and / or python3.2-minimal
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3.1-minimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3.2-minimal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/10/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/12/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|10\.10|11\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10 / 11.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"python3.1-minimal", pkgver:"3.1.2-0ubuntu3.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"python3.1-minimal", pkgver:"3.1.2+20100915-0ubuntu4.1")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"python3.1-minimal", pkgver:"3.1.3-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"python3.2-minimal", pkgver:"3.2-1ubuntu1.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3.1-minimal / python3.2-minimal");
}
VendorProductVersionCPE
canonicalubuntu_linuxpython3.1-minimalp-cpe:/a:canonical:ubuntu_linux:python3.1-minimal
canonicalubuntu_linuxpython3.2-minimalp-cpe:/a:canonical:ubuntu_linux:python3.2-minimal
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
canonicalubuntu_linux10.10cpe:/o:canonical:ubuntu_linux:10.10
canonicalubuntu_linux11.04cpe:/o:canonical:ubuntu_linux:11.04

Related

ubuntu 5
openvas 39
nessus 37
redhat 3
oraclelinux 3
centos 2
debiancve 2
cve 3
prion 3
ubuntucve 3
veracode 2
securityvulns 6
gitlab 1
osv 3
github 1
f5 1
gentoo 1
debian 1
ibm 1
vmware 2
ubuntu
ubuntu
Python 3 vulnerabilities
2011-12-19 00:00:00
Python 2.6 vulnerabilities
2012-10-04 00:00:00
Python 2.5 vulnerabilities
2012-10-17 00:00:00
openvas
openvas
Ubuntu Update for python3.1 USN-1314-1
2011-12-23 00:00:00
Ubuntu Update for python3.1 USN-1314-1
2011-12-23 00:00:00
RedHat Update for python RHSA-2011:0554-01
2012-06-06 00:00:00
nessus
nessus
Scientific Linux Security Update : python on SL6.x i386/x86_64
2012-08-01 00:00:00
RHEL 6 : python (RHSA-2011:0554)
2011-05-20 00:00:00
Oracle Linux 6 : python (ELSA-2011-0554)
2023-09-07 00:00:00
redhat
redhat
(RHSA-2011:0554) Moderate: python security, bug fix, and enhancement update
2011-05-19 00:00:00
(RHSA-2011:0492) Moderate: python security update
2011-05-05 00:00:00
(RHSA-2011:0491) Moderate: python security update
2011-05-05 00:00:00
oraclelinux
oraclelinux
python security update
2011-05-05 00:00:00
python security update
2011-05-05 00:00:00
python security, bug fix, and enhancement update
2011-05-28 00:00:00
centos
centos
python, tkinter security update
2011-05-05 20:50:48
python, tkinter security update
2011-05-05 21:37:02
debiancve
debiancve
CVE-2011-1521
2011-05-24 23:55:00
CVE-2011-4137
2011-10-19 10:55:00
cve
cve
CVE-2011-1521
2011-05-24 23:55:00
CVE-2010-3493
2010-10-19 20:00:00
CVE-2011-4137
2011-10-19 10:55:00
prion
prion
Code injection
2011-05-24 23:55:00
Race condition
2010-10-19 20:00:00
Design/Logic Flaw
2011-10-19 10:55:00
ubuntucve
ubuntucve
CVE-2011-1521
2011-05-24 00:00:00
CVE-2010-3493
2010-10-19 00:00:00
CVE-2011-4137
2011-10-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:55:29
Denial Of Service (DoS)
2020-04-10 00:55:29
securityvulns
securityvulns
[ MDVSA-2010:216 ] python
2010-11-02 00:00:00
Python DoS
2010-11-02 00:00:00
[ MDVSA-2011:096 ] python
2011-05-25 00:00:00
gitlab
gitlab
Moderate severity vulnerability that affects django
2018-07-23 00:00:00
osv
osv
Moderate severity vulnerability that affects django
2018-07-23 19:51:35
PYSEC-2011-2
2011-10-19 10:55:00
python2.6 - security update
2014-07-31 00:00:00
github
github
Moderate severity vulnerability that affects django
2018-07-23 19:51:35
f5
f5
K75910138 : Python vulnerabilities CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, and CVE-2012-1150
2018-09-11 00:00:00
gentoo
gentoo
Python: Multiple vulnerabilities
2014-01-06 00:00:00
debian
debian
[DLA 25-1] python2.6 security update
2014-07-31 21:07:32
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in python 2.6.4 used in OS Image for AIX shipped with IBM Cloud Pak System
2020-05-06 11:57:04
vmware
vmware
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00
JSON
Related for UBUNTU_USN-1314-1.NASL
ubuntu5openvas39nessus37redhat3oraclelinux3centos2debiancve2cve3prion3ubuntucve3veracode2securityvulns6gitlab1osv3github1f51gentoo1debian1ibm1vmware2