Lucene search
Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3407-1.NASLHistoryAug 31, 2017 - 12:00 a.m.
Ubuntu 16.04 LTS : PyJWT vulnerability (USN-3407-1)
2017-08-3100:00:00
Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
35.3%
It was discovered that a vulnerability in PyJWT doesn’t check invalid_strings properly for some public keys. A remote attacker could take advantage of a key confusion to craft JWTs from scratch.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3407-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('compat.inc');
if (description)
{
script_id(102857);
script_version("3.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/23");
script_cve_id("CVE-2017-11424");
script_xref(name:"USN", value:"3407-1");
script_name(english:"Ubuntu 16.04 LTS : PyJWT vulnerability (USN-3407-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It was discovered that a vulnerability in PyJWT doesn't check
invalid_strings properly for some public keys. A remote attacker could
take advantage of a key confusion to craft JWTs from scratch.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3407-1");
script_set_attribute(attribute:"solution", value:
"Update the affected python-jwt and / or python3-jwt packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-11424");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/24");
script_set_attribute(attribute:"patch_publication_date", value:"2017/08/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/31");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-jwt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3-jwt");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '16.04', 'pkgname': 'python-jwt', 'pkgver': '1.3.0-1ubuntu0.1'},
{'osver': '16.04', 'pkgname': 'python3-jwt', 'pkgver': '1.3.0-1ubuntu0.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-jwt / python3-jwt');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | python-jwt | p-cpe:/a:canonical:ubuntu_linux:python-jwt |
| canonical | ubuntu_linux | python3-jwt | p-cpe:/a:canonical:ubuntu_linux:python3-jwt |
| canonical | ubuntu_linux | 16.04 | cpe:/o:canonical:ubuntu_linux:16.04:-:lts |
Related
debian
debian
[SECURITY] [DSA 3979-1] pyjwt security update
2017-09-19 20:55:50
github
github
PyJWT vulnerable to key confusion attacks
2022-05-13 01:42:19
nessus
nessus
Debian DSA-3979-1 : pyjwt - security update
2017-09-20 00:00:00
Fedora 26 : python-jwt (2017-b9f07dfaca)
2017-09-25 00:00:00
Fedora 27 : python-jwt (2017-0cc84101de)
2018-01-15 00:00:00
veracode
veracode
Key Confusion Attacks
2017-08-16 22:26:05
openvas
openvas
Fedora Update for python-jwt FEDORA-2017-b9f07dfaca
2017-09-28 00:00:00
Debian: Security Advisory (DSA-3979-1)
2017-09-18 00:00:00
Ubuntu: Security Advisory (USN-3407-1)
2018-10-26 00:00:00
redhatcve
redhatcve
CVE-2017-11424
2017-08-25 08:48:29
cvelist
cvelist
CVE-2017-11424
2017-08-24 16:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: python-jwt-1.5.3-1.fc27
2017-09-30 07:36:29
[SECURITY] Fedora 26 Update: python-jwt-1.5.3-1.fc26
2017-09-25 00:53:39
osv
osv
pyjwt - security update
2017-09-19 00:00:00
PyJWT vulnerable to key confusion attacks
2022-05-13 01:42:19
CVE-2017-11424
2017-08-24 16:29:00
prion
prion
Type confusion
2017-08-24 16:29:00
ubuntucve
ubuntucve
CVE-2017-11424
2017-08-24 00:00:00
debiancve
debiancve
CVE-2017-11424
2017-08-24 16:29:00
nvd
nvd
CVE-2017-11424
2017-08-24 16:29:00
CVE-2017-12880
2017-08-16 14:29:00
cve
cve
CVE-2017-11424
2017-08-24 16:29:00
CVE-2017-12880
2017-08-16 14:29:00
ubuntu
ubuntu
PyJWT vulnerability
2017-08-30 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
35.3%
Related for UBUNTU_USN-3407-1.NASL