Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.UBUNTU_USN-173-4.NASL
HistoryJan 15, 2006 - 12:00 a.m.

Ubuntu 4.10 / 5.04 : python2.1, python2.2, python2.3, gnumeric vulnerabilities (USN-173-4)

2006-01-1500:00:00
Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
www.tenable.com
10
JSON

USN-173-1 fixed a buffer overflow vulnerability in the PCRE library.
However, it was found that the various python packages and gnumeric contain static copies of the library code, so these packages need to be updated as well.

In gnumeric this bug could be exploited to execute arbitrary code with the privileges of the user if the user was tricked into opening a specially crafted spreadsheet document.

In python, the impact depends on the particular application that uses python’s ‘re’ (regular expression) module. In python server applications that process unchecked arbitrary regular expressions with the ‘re’ module, this could potentially be exploited to remotely execute arbitrary code with the privileges of the server.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-173-4. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20583);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2005-2491");
  script_bugtraq_id(14620);
  script_xref(name:"USN", value:"173-4");

  script_name(english:"Ubuntu 4.10 / 5.04 : python2.1, python2.2, python2.3, gnumeric vulnerabilities (USN-173-4)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"USN-173-1 fixed a buffer overflow vulnerability in the PCRE library.
However, it was found that the various python packages and gnumeric
contain static copies of the library code, so these packages need to
be updated as well.

In gnumeric this bug could be exploited to execute arbitrary code with
the privileges of the user if the user was tricked into opening a
specially crafted spreadsheet document.

In python, the impact depends on the particular application that uses
python's 're' (regular expression) module. In python server
applications that process unchecked arbitrary regular expressions with
the 're' module, this could potentially be exploited to remotely
execute arbitrary code with the privileges of the server.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric-plugins-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:idle-python2.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:idle-python2.2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:idle-python2.3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.1-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.1-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.1-examples");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.1-gdbm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.1-mpz");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.1-tk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.1-xmlbase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.2-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.2-examples");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.2-gdbm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.2-mpz");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.2-tk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.2-xmlbase");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.3-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.3-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.3-examples");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.3-gdbm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.3-mpz");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.3-tk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(4\.10|5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"4.10", pkgname:"gnumeric", pkgver:"1.2.13-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"gnumeric-common", pkgver:"1.2.13-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"gnumeric-doc", pkgver:"1.2.13-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"gnumeric-plugins-extra", pkgver:"1.2.13-1ubuntu2.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"idle-python2.1", pkgver:"2.1.3-24.ubuntu0.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"idle-python2.2", pkgver:"2.2.3-10.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"idle-python2.3", pkgver:"2.3.4-2.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.1", pkgver:"2.1.3-24.ubuntu0.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.1-dev", pkgver:"2.1.3-24.ubuntu0.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.1-doc", pkgver:"2.1.3-24.ubuntu0.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.1-examples", pkgver:"2.1.3-24.ubuntu0.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.1-gdbm", pkgver:"2.1.3-24.ubuntu0.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.1-mpz", pkgver:"2.1.3-24.ubuntu0.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.1-tk", pkgver:"2.1.3-24.ubuntu0.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.1-xmlbase", pkgver:"2.1.3-24.ubuntu0.1")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.2", pkgver:"2.2.3-10.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.2-dev", pkgver:"2.2.3-10.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.2-doc", pkgver:"2.2.3-10.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.2-examples", pkgver:"2.2.3-10.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.2-gdbm", pkgver:"2.2.3-10.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.2-mpz", pkgver:"2.2.3-10.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.2-tk", pkgver:"2.2.3-10.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.2-xmlbase", pkgver:"2.2.3-10.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.3", pkgver:"2.3.4-2.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.3-dev", pkgver:"2.3.4-2.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.3-doc", pkgver:"2.3.4-2.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.3-examples", pkgver:"2.3.4-2.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.3-gdbm", pkgver:"2.3.4-2.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.3-mpz", pkgver:"2.3.4-2.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"4.10", pkgname:"python2.3-tk", pkgver:"2.3.4-2.ubuntu0.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"gnumeric", pkgver:"1.4.2-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"gnumeric-common", pkgver:"1.4.2-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"gnumeric-doc", pkgver:"1.4.2-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"gnumeric-plugins-extra", pkgver:"1.4.2-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"idle-python2.2", pkgver:"2.2.3dfsg-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"idle-python2.3", pkgver:"2.3.5-2ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.2", pkgver:"2.2.3dfsg-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.2-dev", pkgver:"2.2.3dfsg-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.2-doc", pkgver:"2.2.3dfsg-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.2-examples", pkgver:"2.2.3dfsg-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.2-gdbm", pkgver:"2.2.3dfsg-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.2-mpz", pkgver:"2.2.3dfsg-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.2-tk", pkgver:"2.2.3dfsg-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.2-xmlbase", pkgver:"2.2.3dfsg-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.3", pkgver:"2.3.5-2ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.3-dev", pkgver:"2.3.5-2ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.3-doc", pkgver:"2.3.5-2ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.3-examples", pkgver:"2.3.5-2ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.3-gdbm", pkgver:"2.3.5-2ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.3-mpz", pkgver:"2.3.5-2ubuntu0.1")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"python2.3-tk", pkgver:"2.3.5-2ubuntu0.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnumeric / gnumeric-common / gnumeric-doc / gnumeric-plugins-extra / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxgnumericp-cpe:/a:canonical:ubuntu_linux:gnumeric
canonicalubuntu_linuxgnumeric-commonp-cpe:/a:canonical:ubuntu_linux:gnumeric-common
canonicalubuntu_linuxgnumeric-docp-cpe:/a:canonical:ubuntu_linux:gnumeric-doc
canonicalubuntu_linuxgnumeric-plugins-extrap-cpe:/a:canonical:ubuntu_linux:gnumeric-plugins-extra
canonicalubuntu_linuxidle-python2.1p-cpe:/a:canonical:ubuntu_linux:idle-python2.1
canonicalubuntu_linuxidle-python2.2p-cpe:/a:canonical:ubuntu_linux:idle-python2.2
canonicalubuntu_linuxidle-python2.3p-cpe:/a:canonical:ubuntu_linux:idle-python2.3
canonicalubuntu_linuxpython2.1p-cpe:/a:canonical:ubuntu_linux:python2.1
canonicalubuntu_linuxpython2.1-devp-cpe:/a:canonical:ubuntu_linux:python2.1-dev
canonicalubuntu_linuxpython2.1-docp-cpe:/a:canonical:ubuntu_linux:python2.1-doc
Rows per page:
1-10 of 321

Related

debian 8
osv 4
openvas 37
nessus 36
slackware 4
httpd 1
ubuntu 3
gentoo 5
centos 5
redhat 3
freebsd 1
ubuntucve 1
securityvulns 8
debiancve 1
cve 1
suse 4
oraclelinux 1
debian
debian
[SECURITY] [DSA 819-1] New python2.1 packages fix arbitrary code execution
2005-09-23 09:29:05
[SECURITY] [DSA 800-1] New pcre3 packages fix arbitrary code execution
2005-09-02 13:02:15
[SECURITY] [DSA 821-1] New python2.3 packages fix arbitrary code execution
2005-09-28 08:24:43
osv
osv
python2.2 - integer overflow
2005-09-22 00:00:00
python2.3 - integer overflow
2005-09-28 00:00:00
pcre3 - integer overflow
2005-09-02 00:00:00
openvas
openvas
Debian Security Advisory DSA 821-1 (python2.3)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-819-1)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200509-02 (Gnumeric)
2008-09-24 00:00:00
nessus
nessus
Ubuntu 4.10 / 5.04 : pcre3 vulnerability (USN-173-1)
2006-01-15 00:00:00
Mandrake Linux Security Advisory : gnumeric (MDKSA-2005:153)
2005-10-05 00:00:00
CentOS 3 / 4 : pcre (CESA-2005:761)
2006-07-03 00:00:00
slackware
slackware
PCRE library
2005-08-30 15:53:53
PHP
2005-08-30 15:54:11
php5 in Slackware 10.1
2005-09-08 15:55:19
httpd
httpd
Apache Httpd < 2.0.55 : PCRE overflow
2005-10-14 00:00:00
ubuntu
ubuntu
PCRE vulnerability
2005-08-25 00:00:00
PCRE vulnerability
2005-08-24 00:00:00
PCRE vulnerabilities
2005-08-31 00:00:00
gentoo
gentoo
Gnumeric: Heap overflow in the included PCRE library
2005-09-03 00:00:00
libpcre: Heap integer overflow
2005-08-25 00:00:00
Python: Heap overflow in the included PCRE library
2005-09-12 00:00:00
centos
centos
pcre security update
2005-09-08 23:08:40
python, tkinter security update
2006-03-09 21:29:49
pcre security update
2005-09-08 18:08:23
redhat
redhat
(RHSA-2006:0197) python security update
2006-03-09 00:00:00
(RHSA-2005:358) exim security update
2005-09-08 00:00:00
(RHSA-2005:761) pcre security update
2005-09-08 00:00:00
freebsd
freebsd
pcre -- regular expression buffer overflow
2005-08-01 00:00:00
ubuntucve
ubuntucve
CVE-2005-2491
2005-08-23 00:00:00
securityvulns
securityvulns
MDKSA-2005:152 - Updated php packages fix integer overflow vulnerability
2005-08-28 00:00:00
Apache PCRE Integer Overflow Vulnerability
2005-09-05 00:00:00
MDKSA-2005:153 - Updated gnumeric packages fix integer overflow vulnerability
2005-08-28 00:00:00
debiancve
debiancve
CVE-2005-2491
2005-08-23 04:00:00
cve
cve
CVE-2005-2491
2005-08-23 04:00:00
suse
suse
remote code execution in pcre
2005-08-30 13:56:51
local command execution, authentication bypass, in apache2
2005-09-16 12:34:21
remote code execution in php4, php5
2005-08-30 14:35:22
oraclelinux
oraclelinux
python security update
2006-11-30 00:00:00
JSON
Related for UBUNTU_USN-173-4.NASL
debian8osv4openvas37nessus36slackware4httpd1ubuntu3gentoo5centos5redhat3freebsd1ubuntucve1securityvulns8debiancve1cve1suse4oraclelinux1