Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5342-2.NASL
HistoryOct 20, 2023 - 12:00 a.m.

Ubuntu 20.04 ESM / 22.04 ESM : Python vulnerabilities (USN-5342-2)

2023-10-2000:00:00
Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
44
JSON

The remote Ubuntu 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5342-2 advisory.

  • A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. (CVE-2021-4189)

  • A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like ‘\r’ and ‘\n’ in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. (CVE-2022-0391)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5342-2. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(183568);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id("CVE-2021-4189", "CVE-2022-0391");
  script_xref(name:"USN", value:"5342-2");

  script_name(english:"Ubuntu 20.04 ESM / 22.04 ESM : Python vulnerabilities (USN-5342-2)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as
referenced in the USN-5342-2 advisory.

  - A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV
    (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This
    flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back
    to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which
    otherwise would not have been possible. (CVE-2021-4189)

  - A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform
    Resource Locator (URL) strings into components. The issue involves how the urlparse method does not
    sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to
    input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1,
    3.9.5, 3.8.11, 3.7.11 and 3.6.14. (CVE-2022-0391)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5342-2");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0391");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/08/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:idle-python2.7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpython2.7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpython2.7-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpython2.7-minimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpython2.7-stdlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpython2.7-testsuite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.7-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.7-examples");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '20.04', 'pkgname': 'idle-python2.7', 'pkgver': '2.7.18-1~20.04.3+esm1'},
    {'osver': '20.04', 'pkgname': 'libpython2.7', 'pkgver': '2.7.18-1~20.04.3+esm1'},
    {'osver': '20.04', 'pkgname': 'libpython2.7-dev', 'pkgver': '2.7.18-1~20.04.3+esm1'},
    {'osver': '20.04', 'pkgname': 'libpython2.7-minimal', 'pkgver': '2.7.18-1~20.04.3+esm1'},
    {'osver': '20.04', 'pkgname': 'libpython2.7-stdlib', 'pkgver': '2.7.18-1~20.04.3+esm1'},
    {'osver': '20.04', 'pkgname': 'libpython2.7-testsuite', 'pkgver': '2.7.18-1~20.04.3+esm1'},
    {'osver': '20.04', 'pkgname': 'python2.7', 'pkgver': '2.7.18-1~20.04.3+esm1'},
    {'osver': '20.04', 'pkgname': 'python2.7-dev', 'pkgver': '2.7.18-1~20.04.3+esm1'},
    {'osver': '20.04', 'pkgname': 'python2.7-examples', 'pkgver': '2.7.18-1~20.04.3+esm1'},
    {'osver': '20.04', 'pkgname': 'python2.7-minimal', 'pkgver': '2.7.18-1~20.04.3+esm1'},
    {'osver': '22.04', 'pkgname': 'idle-python2.7', 'pkgver': '2.7.18-13ubuntu1.1+esm2'},
    {'osver': '22.04', 'pkgname': 'libpython2.7', 'pkgver': '2.7.18-13ubuntu1.1+esm2'},
    {'osver': '22.04', 'pkgname': 'libpython2.7-dev', 'pkgver': '2.7.18-13ubuntu1.1+esm2'},
    {'osver': '22.04', 'pkgname': 'libpython2.7-minimal', 'pkgver': '2.7.18-13ubuntu1.1+esm2'},
    {'osver': '22.04', 'pkgname': 'libpython2.7-stdlib', 'pkgver': '2.7.18-13ubuntu1.1+esm2'},
    {'osver': '22.04', 'pkgname': 'libpython2.7-testsuite', 'pkgver': '2.7.18-13ubuntu1.1+esm2'},
    {'osver': '22.04', 'pkgname': 'python2.7', 'pkgver': '2.7.18-13ubuntu1.1+esm2'},
    {'osver': '22.04', 'pkgname': 'python2.7-dev', 'pkgver': '2.7.18-13ubuntu1.1+esm2'},
    {'osver': '22.04', 'pkgname': 'python2.7-examples', 'pkgver': '2.7.18-13ubuntu1.1+esm2'},
    {'osver': '22.04', 'pkgname': 'python2.7-minimal', 'pkgver': '2.7.18-13ubuntu1.1+esm2'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'idle-python2.7 / libpython2.7 / libpython2.7-dev / etc');
}
VendorProductVersionCPE
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:esm
canonicalubuntu_linux22.04cpe:/o:canonical:ubuntu_linux:22.04:-:esm
canonicalubuntu_linuxidle-python2.7p-cpe:/a:canonical:ubuntu_linux:idle-python2.7
canonicalubuntu_linuxlibpython2.7p-cpe:/a:canonical:ubuntu_linux:libpython2.7
canonicalubuntu_linuxlibpython2.7-devp-cpe:/a:canonical:ubuntu_linux:libpython2.7-dev
canonicalubuntu_linuxlibpython2.7-minimalp-cpe:/a:canonical:ubuntu_linux:libpython2.7-minimal
canonicalubuntu_linuxlibpython2.7-stdlibp-cpe:/a:canonical:ubuntu_linux:libpython2.7-stdlib
canonicalubuntu_linuxlibpython2.7-testsuitep-cpe:/a:canonical:ubuntu_linux:libpython2.7-testsuite
canonicalubuntu_linuxpython2.7p-cpe:/a:canonical:ubuntu_linux:python2.7
canonicalubuntu_linuxpython2.7-devp-cpe:/a:canonical:ubuntu_linux:python2.7-dev
Rows per page:
1-10 of 121

Related

nessus 53
redos 1
openvas 36
fedora 3
ubuntu 3
osv 18
mageia 1
suse 1
cloudfoundry 1
redhat 26
almalinux 4
oraclelinux 5
rocky 2
ubuntucve 2
veracode 2
prion 2
cbl_mariner 2
debiancve 2
ibm 17
redhatcve 2
cve 2
cloudlinux 1
amazon 2
debian 4
photon 5
rosalinux 1
gentoo 1
nessus
nessus
EulerOS 2.0 SP8 : python3 (EulerOS-SA-2022-1582)
2022-04-25 00:00:00
EulerOS 2.0 SP8 : python2 (EulerOS-SA-2022-1581)
2022-04-25 00:00:00
EulerOS Virtualization 3.0.6.6 : python (EulerOS-SA-2022-2529)
2022-10-09 00:00:00
redos
redos
ROS-20220407-03
2022-04-07 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2022-1581)
2022-04-25 00:00:00
Ubuntu: Security Advisory (USN-5342-2)
2023-01-27 00:00:00
Fedora: Security Advisory for python2.7 (FEDORA-2022-ef99a016f6)
2022-02-25 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: python2.7-2.7.18-20.fc35
2022-02-24 23:09:24
[SECURITY] Fedora 34 Update: python2.7-2.7.18-20.fc34
2022-02-24 23:27:18
[SECURITY] Fedora 34 Update: mingw-python3-3.9.4-4.fc34
2022-02-06 02:02:39
ubuntu
ubuntu
Python vulnerabilities
2022-08-24 00:00:00
Python vulnerabilities
2022-03-28 00:00:00
Python vulnerability
2022-05-23 00:00:00
osv
osv
python2.7 vulnerabilities
2022-08-24 08:56:59
python2.7, python3.4, python3.5, python3.6, python3.8 vulnerabilities
2022-03-28 09:39:26
python3.7 vulnerability
2022-05-23 08:53:04
mageia
mageia
Updated python packages fix security vulnerability
2022-10-13 23:05:19
suse
suse
Security update for python (moderate)
2022-04-01 00:00:00
cloudfoundry
cloudfoundry
USN-5342-1: Python vulnerabilities | Cloud Foundry
2022-05-23 00:00:00
redhat
redhat
(RHSA-2022:1663) Moderate: python27-python and python27-python-pip security update
2022-05-02 07:48:36
(RHSA-2022:1821) Moderate: python27:2.7 security update
2022-05-10 08:02:50
(RHSA-2022:1986) Moderate: python3 security update
2022-05-10 08:11:33
almalinux
almalinux
Moderate: python27:2.7 security update
2022-05-10 08:02:50
Moderate: python3 security update
2022-09-13 00:00:00
Moderate: python3 security update
2022-05-10 08:11:33
oraclelinux
oraclelinux
python27:2.7 security update
2022-05-17 00:00:00
python3 security update
2022-05-17 00:00:00
python security update
2023-06-26 00:00:00
rocky
rocky
python27:2.7 security update
2022-05-10 08:02:50
python38:3.8 and python38-devel:3.8 security update
2022-05-10 06:23:23
ubuntucve
ubuntucve
CVE-2021-4189
2021-12-31 00:00:00
CVE-2022-0391
2022-02-09 00:00:00
veracode
veracode
Injection Vulnerability
2022-02-08 08:36:16
Denial Of Service (DoS)
2022-01-05 04:25:08
prion
prion
Design/Logic Flaw
2022-02-09 23:15:00
Default credentials
2022-08-24 16:15:00
cbl_mariner
cbl_mariner
CVE-2022-0391 affecting package python2 2.7.18-14
2022-03-09 18:31:42
CVE-2022-0391 affecting package python3 3.7.10-7
2022-03-09 18:31:42
debiancve
debiancve
CVE-2021-4189
2022-08-24 16:15:00
CVE-2022-0391
2022-02-09 23:15:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2021-4189
2022-06-22 10:28:12
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a possible sensitive information exposure in Python (CVE-2021-4189).
2023-01-12 21:59:00
Security Bulletin: Python (Publicly disclosed vulnerability) in IBM Tivoli Application Dependency Discovery Manager (CVE-2022-0391)
2022-11-18 12:26:02
redhatcve
redhatcve
CVE-2021-4189
2021-12-29 14:01:02
CVE-2022-0391
2022-01-27 18:43:26
cve
cve
CVE-2021-4189
2022-08-24 16:15:00
CVE-2022-0391
2022-02-09 23:15:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2022-0391
2022-03-07 15:12:37
amazon
amazon
Medium: python
2022-05-31 23:50:00
Medium: python27
2022-05-31 23:47:00
debian
debian
[SECURITY] [DLA 2919-1] python2.7 security update
2022-02-12 18:54:50
[SECURITY] [DLA 3477-1] python3.7 security update
2023-06-30 20:52:04
[SECURITY] [DLA 3575-1] python2.7 security update
2023-09-20 19:13:38
photon
photon
Important Photon OS Security Update - PHSA-2022-0516
2022-09-15 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0463
2022-10-05 00:00:00
Important Photon OS Security Update - PHSA-2022-0450
2022-03-10 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2203
2023-08-01 12:58:39
gentoo
gentoo
Python, PyPy3: Multiple Vulnerabilities
2023-05-03 00:00:00
JSON
Related for UBUNTU_USN-5342-2.NASL
nessus53redos1openvas36fedora3ubuntu3osv18mageia1suse1cloudfoundry1redhat26almalinux4oraclelinux5rocky2ubuntucve2veracode2prion2cbl_mariner2debiancve2ibm17redhatcve2cve2cloudlinux1amazon2debian4photon5rosalinux1gentoo1