{"id": "VMWARE_VMSA-2008-0003.NASL", "bulletinFamily": "scanner", "title": "VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates", "description": "I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the Service Console to cause a denial of service or gain privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker has access to the Service Console network. The Samba client is installed by default in the Service Console, but the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module where strings generated by the strxfrm() function were not properly NUL-terminated. This might result in disclosure of data stored in the memory of a Python application using the strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in Python's imageop module. These could allow an attacker to cause a Python application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4965 to this issue.", "published": "2009-07-27T00:00:00", "modified": "2018-08-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40374", "reporter": "Tenable", "references": ["http://lists.vmware.com/pipermail/security-announce/2008/000012.html"], "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965", "CVE-2007-4308", "CVE-2007-6015"], "type": "nessus", "lastseen": "2019-02-21T01:12:12", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:vmware:esx:3.0.2", "cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:2.5.4", "cpe:/o:vmware:esx:3.0.1", "cpe:/o:vmware:esx:2.5.5"], "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965", "CVE-2007-4308", "CVE-2007-6015"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked\n IOCTL command permissions. This flaw might allow a local user\n on the Service Console to cause a denial of service or gain\n privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow\n flaw in the way Samba authenticates remote users. A remote\n unauthenticated user could trigger this flaw to cause the Samba\n server to crash or to execute arbitrary code with the\n permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker\n has access to the Service Console network. The Samba\n client is installed by default in the Service Console, but\n the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an\n integer overflow issue with the way Python's Perl-Compatible\n Regular Expression (PCRE) module handled certain regular\n expressions. If a Python application used the PCRE module to\n compile and execute untrusted regular expressions, it might be\n possible to cause the application to crash, or to execute\n arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module\n where strings generated by the strxfrm() function were not\n properly NUL-terminated. This might result in disclosure of\n data stored in the memory of a Python application using the\n strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in\n Python's imageop module. These could allow an attacker to cause\n a Python application to crash, enter an infinite loop, or\n possibly execute arbitrary code with the privileges of the\n Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4965 to this issue.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-01-16T20:09:36", "references": [{"idList": ["CESA-2007:1077-01", "CESA-2007:1076"], "type": "centos"}, {"idList": ["SSA-2007-344-01"], "type": "slackware"}, {"idList": ["USN-556-1", "USN-585-1"], "type": "ubuntu"}, {"idList": ["FFCBD42D-A8C5-11DC-BEC2-02E0185F8D72"], "type": "freebsd"}, {"idList": ["SAMBA:CVE-2007-6015"], "type": "samba"}, {"idList": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965", "CVE-2007-4308", "CVE-2007-6015"], "type": "cve"}, {"idList": ["SSV:2579"], "type": "seebug"}, {"idList": ["GLSA-200712-10", "GLSA-200711-07", "GLSA-200802-10"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310880314", "OPENVAS:1361412562310870180", "OPENVAS:880314", "OPENVAS:870189", "OPENVAS:840265", "OPENVAS:870180", "OPENVAS:1361412562310870189", "OPENVAS:880319", "OPENVAS:1361412562310880338", "OPENVAS:880338"], "type": "openvas"}, {"idList": ["VU:438395"], "type": "cert"}, {"idList": ["VMSA-2008-0003"], "type": "vmware"}, {"idList": ["ELSA-2007-1076"], "type": "oraclelinux"}, {"idList": ["RHSA-2007:1117", "RHSA-2007:1077", "RHSA-2007:1076"], "type": "redhat"}, {"idList": ["EDB-ID:4732", "EDB-ID:30018", "EDB-ID:30592"], "type": "exploitdb"}, {"idList": ["SUSE-SA:2007:068"], "type": "suse"}, {"idList": ["DEBIAN:DSA-1427-1:186C3", "DEBIAN:DSA-1551-1:41B8A", "DEBIAN:DSA-1620-1:7CA52"], "type": "debian"}, {"idList": ["DEBIAN_DSA-1551.NASL", "REDHAT-RHSA-2007-1117.NASL", "REDHAT-RHSA-2007-1076.NASL", "SL_20071210_PYTHON_ON_SL4_X.NASL", "CENTOS_RHSA-2007-1076.NASL", "ORACLELINUX_ELSA-2007-1076.NASL", "REDHAT-RHSA-2007-1077.NASL", "UBUNTU_USN-585-1.NASL", "GENTOO_GLSA-200711-07.NASL", "DEBIAN_DSA-1620.NASL"], "type": "nessus"}, {"idList": ["SECURITYVULNS:DOC:18620", "SECURITYVULNS:VULN:7604", "SECURITYVULNS:DOC:18621", "SECURITYVULNS:VULN:8440"], "type": "securityvulns"}, {"idList": ["OSVDB:35247", "OSVDB:39191"], "type": "osvdb"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "d7126e0362193b51bae22ec6a5cff58b393900f11ed06a49269733ce11ef81f9", "hashmap": [{"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "0c0027a14a19aba990afc5a5562cb4e6", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "06d31ea75ce174bd6e8a2331e24a21c2", "key": "modified"}, {"hash": "6020a3014ff8b0dfefb8b14cb0d9c87e", "key": "sourceData"}, {"hash": "d6dd5a8e6781837b849efb4a99a529b7", "key": "references"}, {"hash": "ba996e5e98af86fd5a9f58bf52eea4bb", "key": "naslFamily"}, {"hash": "f593b9ead8801922f74f0a5329e31486", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "48683f51f0abb0d8ac8e0bca64e8b68b", "key": "cvelist"}, {"hash": "be877c742fea0de5a9f803394c087d8b", "key": "title"}, {"hash": "9b5f0cb61f459deabc847c3c1d0edf1a", "key": "description"}, {"hash": "aef5ced60fca3cafe7600b4d5483190c", "key": "published"}, {"hash": "5df2b7b6b5e93d786ed4b2a7339ec6e4", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=40374", "id": "VMWARE_VMSA-2008-0003.NASL", "lastseen": "2019-01-16T20:09:36", "modified": "2018-08-06T00:00:00", "naslFamily": "VMware ESX Local Security Checks", "objectVersion": "1.3", "pluginID": "40374", "published": "2009-07-27T00:00:00", "references": ["http://lists.vmware.com/pipermail/security-announce/2008/000012.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2008-0003. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40374);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4308\", \"CVE-2007-4965\", \"CVE-2007-6015\");\n script_bugtraq_id(23887, 25216, 25696, 26462, 26727, 26791);\n script_xref(name:\"VMSA\", value:\"2008-0003\");\n\n script_name(english:\"VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked\n IOCTL command permissions. This flaw might allow a local user\n on the Service Console to cause a denial of service or gain\n privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow\n flaw in the way Samba authenticates remote users. A remote\n unauthenticated user could trigger this flaw to cause the Samba\n server to crash or to execute arbitrary code with the\n permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker\n has access to the Service Console network. The Samba\n client is installed by default in the Service Console, but\n the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an\n integer overflow issue with the way Python's Perl-Compatible\n Regular Expression (PCRE) module handled certain regular\n expressions. If a Python application used the PCRE module to\n compile and execute untrusted regular expressions, it might be\n possible to cause the application to crash, or to execute\n arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module\n where strings generated by the strxfrm() function were not\n properly NUL-terminated. This might result in disclosure of\n data stored in the memory of a Python application using the\n strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in\n Python's imageop module. These could allow an attacker to cause\n a Python application to crash, enter an infinite loop, or\n possibly execute arbitrary code with the privileges of the\n Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4965 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2008/000012.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2008-02-04\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 2.5.4\", patch:\"15\")) flag++;\n\nif (esx_check(ver:\"ESX 2.5.5\", patch:\"4\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003347\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003348\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003350\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003359\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003360\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003362\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802406-SG\",\n patch_updates : make_list(\"ESX350-200911212-UG\", \"ESX350-201002405-BG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802408-SG\",\n patch_updates : make_list(\"ESX350-201002402-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802415-SG\",\n patch_updates : make_list(\"ESX350-201008410-SG\", \"ESX350-201012408-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 7, "lastseen": "2019-01-16T20:09:36"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:vmware:esx:3.0.2", "cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:2.5.4", "cpe:/o:vmware:esx:3.0.1", "cpe:/o:vmware:esx:2.5.5"], "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965", "CVE-2007-4308", "CVE-2007-6015"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the Service Console to cause a denial of service or gain privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker has access to the Service Console network. The Samba client is installed by default in the Service Console, but the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module where strings generated by the strxfrm() function were not properly NUL-terminated. This might result in disclosure of data stored in the memory of a Python application using the strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in Python's imageop module. These could allow an attacker to cause a Python application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4965 to this issue.", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "e42db6e022cc1e19a2e8f3ad80a53bbf2f410e00e2f038fdf5f96b317d9fe262", "hashmap": [{"hash": "8ed1f667170a42030a97ce186be5bfa7", "key": "description"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "0c0027a14a19aba990afc5a5562cb4e6", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ea3e5673b2bc305cd06f0999b7c4cf43", "key": "sourceData"}, {"hash": "d6dd5a8e6781837b849efb4a99a529b7", "key": "references"}, {"hash": "ba996e5e98af86fd5a9f58bf52eea4bb", "key": "naslFamily"}, {"hash": "f593b9ead8801922f74f0a5329e31486", "key": "pluginID"}, {"hash": "6ecb84a5b413fb8345d7331feaf0d9e1", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "48683f51f0abb0d8ac8e0bca64e8b68b", "key": "cvelist"}, {"hash": "be877c742fea0de5a9f803394c087d8b", "key": "title"}, {"hash": "aef5ced60fca3cafe7600b4d5483190c", "key": "published"}, {"hash": "5df2b7b6b5e93d786ed4b2a7339ec6e4", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=40374", "id": "VMWARE_VMSA-2008-0003.NASL", "lastseen": "2017-10-29T13:43:59", "modified": "2016-11-29T00:00:00", "naslFamily": "VMware ESX Local Security Checks", "objectVersion": "1.3", "pluginID": "40374", "published": "2009-07-27T00:00:00", "references": ["http://lists.vmware.com/pipermail/security-announce/2008/000012.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2008-0003. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40374);\n script_version(\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2016/11/29 20:13:36 $\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4308\", \"CVE-2007-4965\", \"CVE-2007-6015\");\n script_bugtraq_id(23887, 25216, 25696, 26462, 26727, 26791);\n script_osvdb_id(35247, 37122, 39191, 40142, 40754);\n script_xref(name:\"VMSA\", value:\"2008-0003\");\n\n script_name(english:\"VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked\n IOCTL command permissions. This flaw might allow a local user\n on the Service Console to cause a denial of service or gain\n privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow\n flaw in the way Samba authenticates remote users. A remote\n unauthenticated user could trigger this flaw to cause the Samba\n server to crash or to execute arbitrary code with the\n permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker\n has access to the Service Console network. The Samba\n client is installed by default in the Service Console, but\n the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an\n integer overflow issue with the way Python's Perl-Compatible\n Regular Expression (PCRE) module handled certain regular\n expressions. If a Python application used the PCRE module to\n compile and execute untrusted regular expressions, it might be\n possible to cause the application to crash, or to execute\n arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module\n where strings generated by the strxfrm() function were not\n properly NUL-terminated. This might result in disclosure of\n data stored in the memory of a Python application using the\n strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in\n Python's imageop module. These could allow an attacker to cause\n a Python application to crash, enter an infinite loop, or\n possibly execute arbitrary code with the privileges of the\n Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4965 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2008/000012.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2008-02-04\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 2.5.4\", patch:\"15\")) flag++;\n\nif (esx_check(ver:\"ESX 2.5.5\", patch:\"4\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003347\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003348\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003350\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003359\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003360\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003362\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802406-SG\",\n patch_updates : make_list(\"ESX350-200911212-UG\", \"ESX350-201002405-BG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802408-SG\",\n patch_updates : make_list(\"ESX350-201002402-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802415-SG\",\n patch_updates : make_list(\"ESX350-201008410-SG\", \"ESX350-201012408-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates", "type": "nessus", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-29T13:43:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965", "CVE-2007-4308", "CVE-2007-6015"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the Service Console to cause a denial of service or gain privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker has access to the Service Console network. The Samba client is installed by default in the Service Console, but the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module where strings generated by the strxfrm() function were not properly NUL-terminated. This might result in disclosure of data stored in the memory of a Python application using the strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in Python's imageop module. These could allow an attacker to cause a Python application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4965 to this issue.", "edition": 2, "enchantments": {}, "hash": "8d462933a28cff3a88da8f9ee380582163b1d07bbaaa7dff043a06b15ca9163b", "hashmap": [{"hash": "8ed1f667170a42030a97ce186be5bfa7", "key": "description"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "0c0027a14a19aba990afc5a5562cb4e6", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ea3e5673b2bc305cd06f0999b7c4cf43", "key": "sourceData"}, {"hash": "d6dd5a8e6781837b849efb4a99a529b7", "key": "references"}, {"hash": "ba996e5e98af86fd5a9f58bf52eea4bb", "key": "naslFamily"}, {"hash": "f593b9ead8801922f74f0a5329e31486", "key": "pluginID"}, {"hash": "6ecb84a5b413fb8345d7331feaf0d9e1", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "48683f51f0abb0d8ac8e0bca64e8b68b", "key": "cvelist"}, {"hash": "be877c742fea0de5a9f803394c087d8b", "key": "title"}, {"hash": "aef5ced60fca3cafe7600b4d5483190c", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=40374", "id": "VMWARE_VMSA-2008-0003.NASL", "lastseen": "2016-11-30T05:34:45", "modified": "2016-11-29T00:00:00", "naslFamily": "VMware ESX Local Security Checks", "objectVersion": "1.2", "pluginID": "40374", "published": "2009-07-27T00:00:00", "references": ["http://lists.vmware.com/pipermail/security-announce/2008/000012.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2008-0003. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40374);\n script_version(\"$Revision: 1.18 $\");\n script_cvs_date(\"$Date: 2016/11/29 20:13:36 $\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4308\", \"CVE-2007-4965\", \"CVE-2007-6015\");\n script_bugtraq_id(23887, 25216, 25696, 26462, 26727, 26791);\n script_osvdb_id(35247, 37122, 39191, 40142, 40754);\n script_xref(name:\"VMSA\", value:\"2008-0003\");\n\n script_name(english:\"VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked\n IOCTL command permissions. This flaw might allow a local user\n on the Service Console to cause a denial of service or gain\n privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow\n flaw in the way Samba authenticates remote users. A remote\n unauthenticated user could trigger this flaw to cause the Samba\n server to crash or to execute arbitrary code with the\n permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker\n has access to the Service Console network. The Samba\n client is installed by default in the Service Console, but\n the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an\n integer overflow issue with the way Python's Perl-Compatible\n Regular Expression (PCRE) module handled certain regular\n expressions. If a Python application used the PCRE module to\n compile and execute untrusted regular expressions, it might be\n possible to cause the application to crash, or to execute\n arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module\n where strings generated by the strxfrm() function were not\n properly NUL-terminated. This might result in disclosure of\n data stored in the memory of a Python application using the\n strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in\n Python's imageop module. These could allow an attacker to cause\n a Python application to crash, enter an infinite loop, or\n possibly execute arbitrary code with the privileges of the\n Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4965 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2008/000012.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2008-02-04\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 2.5.4\", patch:\"15\")) flag++;\n\nif (esx_check(ver:\"ESX 2.5.5\", patch:\"4\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003347\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003348\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003350\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003359\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003360\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003362\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802406-SG\",\n patch_updates : make_list(\"ESX350-200911212-UG\", \"ESX350-201002405-BG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802408-SG\",\n patch_updates : make_list(\"ESX350-201002402-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802415-SG\",\n patch_updates : make_list(\"ESX350-201008410-SG\", \"ESX350-201012408-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates", "type": "nessus", "viewCount": 1}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2016-11-30T05:34:45"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:vmware:esx:3.0.2", "cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:2.5.4", "cpe:/o:vmware:esx:3.0.1", "cpe:/o:vmware:esx:2.5.5"], "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965", "CVE-2007-4308", "CVE-2007-6015"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the Service Console to cause a denial of service or gain privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker has access to the Service Console network. The Samba client is installed by default in the Service Console, but the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module where strings generated by the strxfrm() function were not properly NUL-terminated. This might result in disclosure of data stored in the memory of a Python application using the strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in Python's imageop module. These could allow an attacker to cause a Python application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4965 to this issue.", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "952bfeae207dc765b0d0e40afc7646b42156cdb725cc46ec3c7798547a0b8433", "hashmap": [{"hash": "8ed1f667170a42030a97ce186be5bfa7", "key": "description"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "0c0027a14a19aba990afc5a5562cb4e6", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "06d31ea75ce174bd6e8a2331e24a21c2", "key": "modified"}, {"hash": "6020a3014ff8b0dfefb8b14cb0d9c87e", "key": "sourceData"}, {"hash": "d6dd5a8e6781837b849efb4a99a529b7", "key": "references"}, {"hash": "ba996e5e98af86fd5a9f58bf52eea4bb", "key": "naslFamily"}, {"hash": "f593b9ead8801922f74f0a5329e31486", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "48683f51f0abb0d8ac8e0bca64e8b68b", "key": "cvelist"}, {"hash": "be877c742fea0de5a9f803394c087d8b", "key": "title"}, {"hash": "aef5ced60fca3cafe7600b4d5483190c", "key": "published"}, {"hash": "5df2b7b6b5e93d786ed4b2a7339ec6e4", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=40374", "id": "VMWARE_VMSA-2008-0003.NASL", "lastseen": "2018-09-02T00:04:55", "modified": "2018-08-06T00:00:00", "naslFamily": "VMware ESX Local Security Checks", "objectVersion": "1.3", "pluginID": "40374", "published": "2009-07-27T00:00:00", "references": ["http://lists.vmware.com/pipermail/security-announce/2008/000012.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2008-0003. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40374);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4308\", \"CVE-2007-4965\", \"CVE-2007-6015\");\n script_bugtraq_id(23887, 25216, 25696, 26462, 26727, 26791);\n script_xref(name:\"VMSA\", value:\"2008-0003\");\n\n script_name(english:\"VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked\n IOCTL command permissions. This flaw might allow a local user\n on the Service Console to cause a denial of service or gain\n privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow\n flaw in the way Samba authenticates remote users. A remote\n unauthenticated user could trigger this flaw to cause the Samba\n server to crash or to execute arbitrary code with the\n permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker\n has access to the Service Console network. The Samba\n client is installed by default in the Service Console, but\n the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an\n integer overflow issue with the way Python's Perl-Compatible\n Regular Expression (PCRE) module handled certain regular\n expressions. If a Python application used the PCRE module to\n compile and execute untrusted regular expressions, it might be\n possible to cause the application to crash, or to execute\n arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module\n where strings generated by the strxfrm() function were not\n properly NUL-terminated. This might result in disclosure of\n data stored in the memory of a Python application using the\n strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in\n Python's imageop module. These could allow an attacker to cause\n a Python application to crash, enter an infinite loop, or\n possibly execute arbitrary code with the privileges of the\n Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4965 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2008/000012.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2008-02-04\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 2.5.4\", patch:\"15\")) flag++;\n\nif (esx_check(ver:\"ESX 2.5.5\", patch:\"4\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003347\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003348\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003350\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003359\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003360\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003362\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802406-SG\",\n patch_updates : make_list(\"ESX350-200911212-UG\", \"ESX350-201002405-BG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802408-SG\",\n patch_updates : make_list(\"ESX350-201002402-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802415-SG\",\n patch_updates : make_list(\"ESX350-201008410-SG\", \"ESX350-201012408-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 6, "lastseen": "2018-09-02T00:04:55"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965", "CVE-2007-4308", "CVE-2007-6015"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the Service Console to cause a denial of service or gain privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker has access to the Service Console network. The Samba client is installed by default in the Service Console, but the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module where strings generated by the strxfrm() function were not properly NUL-terminated. This might result in disclosure of data stored in the memory of a Python application using the strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in Python's imageop module. These could allow an attacker to cause a Python application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4965 to this issue.", "edition": 1, "hash": "634ef202263093effca339e3c7bd86f46b754b7ad5b76e24dcdfb07978ebb47c", "hashmap": [{"hash": "8ed1f667170a42030a97ce186be5bfa7", "key": "description"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "0c0027a14a19aba990afc5a5562cb4e6", "key": "href"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a33e65a768b0cca01f769a54f9f4ed8b", "key": "cvss"}, {"hash": "d6dd5a8e6781837b849efb4a99a529b7", "key": "references"}, {"hash": "ba996e5e98af86fd5a9f58bf52eea4bb", "key": "naslFamily"}, {"hash": "f593b9ead8801922f74f0a5329e31486", "key": "pluginID"}, {"hash": "800084d14669b7e75c4baba9f7a47966", "key": "modified"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "48683f51f0abb0d8ac8e0bca64e8b68b", "key": "cvelist"}, {"hash": "be877c742fea0de5a9f803394c087d8b", "key": "title"}, {"hash": "aef5ced60fca3cafe7600b4d5483190c", "key": "published"}, {"hash": "611dfd286ebb8290c6e44173c223cdd0", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=40374", "id": "VMWARE_VMSA-2008-0003.NASL", "lastseen": "2016-09-26T17:26:13", "modified": "2015-03-19T00:00:00", "naslFamily": "VMware ESX Local Security Checks", "objectVersion": "1.2", "pluginID": "40374", "published": "2009-07-27T00:00:00", "references": ["http://lists.vmware.com/pipermail/security-announce/2008/000012.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2008-0003. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40374);\n script_version(\"$Revision: 1.17 $\");\n script_cvs_date(\"$Date: 2015/03/19 15:24:54 $\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4308\", \"CVE-2007-4965\", \"CVE-2007-6015\");\n script_bugtraq_id(23887, 25216, 25696, 26462, 26727, 26791);\n script_osvdb_id(35247, 37122, 39191, 40142, 40754);\n script_xref(name:\"VMSA\", value:\"2008-0003\");\n\n script_name(english:\"VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked\n IOCTL command permissions. This flaw might allow a local user\n on the Service Console to cause a denial of service or gain\n privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow\n flaw in the way Samba authenticates remote users. A remote\n unauthenticated user could trigger this flaw to cause the Samba\n server to crash or to execute arbitrary code with the\n permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker\n has access to the Service Console network. The Samba\n client is installed by default in the Service Console, but\n the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an\n integer overflow issue with the way Python's Perl-Compatible\n Regular Expression (PCRE) module handled certain regular\n expressions. If a Python application used the PCRE module to\n compile and execute untrusted regular expressions, it might be\n possible to cause the application to crash, or to execute\n arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module\n where strings generated by the strxfrm() function were not\n properly NUL-terminated. This might result in disclosure of\n data stored in the memory of a Python application using the\n strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in\n Python's imageop module. These could allow an attacker to cause\n a Python application to crash, enter an infinite loop, or\n possibly execute arbitrary code with the privileges of the\n Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4965 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2008/000012.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2008-02-04\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 2.5.4\", patch:\"15\")) flag++;\n\nif (esx_check(ver:\"ESX 2.5.5\", patch:\"4\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003347\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003348\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003350\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003359\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003360\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003362\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802406-SG\",\n patch_updates : make_list(\"ESX350-200911212-UG\", \"ESX350-201002405-BG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802408-SG\",\n patch_updates : make_list(\"ESX350-201002402-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802415-SG\",\n patch_updates : make_list(\"ESX350-201008410-SG\", \"ESX350-201012408-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:26:13"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:vmware:esx:3.0.2", "cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:2.5.4", "cpe:/o:vmware:esx:3.0.1", "cpe:/o:vmware:esx:2.5.5"], "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965", "CVE-2007-4308", "CVE-2007-6015"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the Service Console to cause a denial of service or gain privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker has access to the Service Console network. The Samba client is installed by default in the Service Console, but the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module where strings generated by the strxfrm() function were not properly NUL-terminated. This might result in disclosure of data stored in the memory of a Python application using the strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in Python's imageop module. These could allow an attacker to cause a Python application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4965 to this issue.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "454baaf76ab11d4e4e639937aaed825585064c6b2553d9b3b04f3e8a0c4a0ebf", "hashmap": [{"hash": "8ed1f667170a42030a97ce186be5bfa7", "key": "description"}, {"hash": "0c0027a14a19aba990afc5a5562cb4e6", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "06d31ea75ce174bd6e8a2331e24a21c2", "key": "modified"}, {"hash": "6020a3014ff8b0dfefb8b14cb0d9c87e", "key": "sourceData"}, {"hash": "d6dd5a8e6781837b849efb4a99a529b7", "key": "references"}, {"hash": "ba996e5e98af86fd5a9f58bf52eea4bb", "key": "naslFamily"}, {"hash": "f593b9ead8801922f74f0a5329e31486", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "48683f51f0abb0d8ac8e0bca64e8b68b", "key": "cvelist"}, {"hash": "be877c742fea0de5a9f803394c087d8b", "key": "title"}, {"hash": "aef5ced60fca3cafe7600b4d5483190c", "key": "published"}, {"hash": "5df2b7b6b5e93d786ed4b2a7339ec6e4", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=40374", "id": "VMWARE_VMSA-2008-0003.NASL", "lastseen": "2018-08-30T19:54:37", "modified": "2018-08-06T00:00:00", "naslFamily": "VMware ESX Local Security Checks", "objectVersion": "1.3", "pluginID": "40374", "published": "2009-07-27T00:00:00", "references": ["http://lists.vmware.com/pipermail/security-announce/2008/000012.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2008-0003. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40374);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4308\", \"CVE-2007-4965\", \"CVE-2007-6015\");\n script_bugtraq_id(23887, 25216, 25696, 26462, 26727, 26791);\n script_xref(name:\"VMSA\", value:\"2008-0003\");\n\n script_name(english:\"VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked\n IOCTL command permissions. This flaw might allow a local user\n on the Service Console to cause a denial of service or gain\n privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow\n flaw in the way Samba authenticates remote users. A remote\n unauthenticated user could trigger this flaw to cause the Samba\n server to crash or to execute arbitrary code with the\n permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker\n has access to the Service Console network. The Samba\n client is installed by default in the Service Console, but\n the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an\n integer overflow issue with the way Python's Perl-Compatible\n Regular Expression (PCRE) module handled certain regular\n expressions. If a Python application used the PCRE module to\n compile and execute untrusted regular expressions, it might be\n possible to cause the application to crash, or to execute\n arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module\n where strings generated by the strxfrm() function were not\n properly NUL-terminated. This might result in disclosure of\n data stored in the memory of a Python application using the\n strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in\n Python's imageop module. These could allow an attacker to cause\n a Python application to crash, enter an infinite loop, or\n possibly execute arbitrary code with the privileges of the\n Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4965 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2008/000012.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2008-02-04\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 2.5.4\", patch:\"15\")) flag++;\n\nif (esx_check(ver:\"ESX 2.5.5\", patch:\"4\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003347\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003348\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003350\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003359\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003360\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003362\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802406-SG\",\n patch_updates : make_list(\"ESX350-200911212-UG\", \"ESX350-201002405-BG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802408-SG\",\n patch_updates : make_list(\"ESX350-201002402-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802415-SG\",\n patch_updates : make_list(\"ESX350-201008410-SG\", \"ESX350-201012408-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:54:37"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:vmware:esx:3.0.2", "cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:2.5.4", "cpe:/o:vmware:esx:3.0.1", "cpe:/o:vmware:esx:2.5.5"], "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965", "CVE-2007-4308", "CVE-2007-6015"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the Service Console to cause a denial of service or gain privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker has access to the Service Console network. The Samba client is installed by default in the Service Console, but the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module where strings generated by the strxfrm() function were not properly NUL-terminated. This might result in disclosure of data stored in the memory of a Python application using the strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in Python's imageop module. These could allow an attacker to cause a Python application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4965 to this issue.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "952bfeae207dc765b0d0e40afc7646b42156cdb725cc46ec3c7798547a0b8433", "hashmap": [{"hash": "8ed1f667170a42030a97ce186be5bfa7", "key": "description"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "0c0027a14a19aba990afc5a5562cb4e6", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "06d31ea75ce174bd6e8a2331e24a21c2", "key": "modified"}, {"hash": "6020a3014ff8b0dfefb8b14cb0d9c87e", "key": "sourceData"}, {"hash": "d6dd5a8e6781837b849efb4a99a529b7", "key": "references"}, {"hash": "ba996e5e98af86fd5a9f58bf52eea4bb", "key": "naslFamily"}, {"hash": "f593b9ead8801922f74f0a5329e31486", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "48683f51f0abb0d8ac8e0bca64e8b68b", "key": "cvelist"}, {"hash": "be877c742fea0de5a9f803394c087d8b", "key": "title"}, {"hash": "aef5ced60fca3cafe7600b4d5483190c", "key": "published"}, {"hash": "5df2b7b6b5e93d786ed4b2a7339ec6e4", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=40374", "id": "VMWARE_VMSA-2008-0003.NASL", "lastseen": "2018-08-10T17:29:08", "modified": "2018-08-06T00:00:00", "naslFamily": "VMware ESX Local Security Checks", "objectVersion": "1.3", "pluginID": "40374", "published": "2009-07-27T00:00:00", "references": ["http://lists.vmware.com/pipermail/security-announce/2008/000012.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2008-0003. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40374);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4308\", \"CVE-2007-4965\", \"CVE-2007-6015\");\n script_bugtraq_id(23887, 25216, 25696, 26462, 26727, 26791);\n script_xref(name:\"VMSA\", value:\"2008-0003\");\n\n script_name(english:\"VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked\n IOCTL command permissions. This flaw might allow a local user\n on the Service Console to cause a denial of service or gain\n privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow\n flaw in the way Samba authenticates remote users. A remote\n unauthenticated user could trigger this flaw to cause the Samba\n server to crash or to execute arbitrary code with the\n permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker\n has access to the Service Console network. The Samba\n client is installed by default in the Service Console, but\n the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an\n integer overflow issue with the way Python's Perl-Compatible\n Regular Expression (PCRE) module handled certain regular\n expressions. If a Python application used the PCRE module to\n compile and execute untrusted regular expressions, it might be\n possible to cause the application to crash, or to execute\n arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module\n where strings generated by the strxfrm() function were not\n properly NUL-terminated. This might result in disclosure of\n data stored in the memory of a Python application using the\n strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in\n Python's imageop module. These could allow an attacker to cause\n a Python application to crash, enter an infinite loop, or\n possibly execute arbitrary code with the privileges of the\n Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4965 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2008/000012.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2008-02-04\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 2.5.4\", patch:\"15\")) flag++;\n\nif (esx_check(ver:\"ESX 2.5.5\", patch:\"4\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003347\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003348\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003350\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003359\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003360\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003362\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802406-SG\",\n patch_updates : make_list(\"ESX350-200911212-UG\", \"ESX350-201002405-BG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802408-SG\",\n patch_updates : make_list(\"ESX350-201002402-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802415-SG\",\n patch_updates : make_list(\"ESX350-201008410-SG\", \"ESX350-201012408-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates", "type": "nessus", "viewCount": 1}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-10T17:29:08"}], "edition": 8, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "5df2b7b6b5e93d786ed4b2a7339ec6e4"}, {"key": "cvelist", "hash": "48683f51f0abb0d8ac8e0bca64e8b68b"}, {"key": "cvss", "hash": "2076413bdcb42307d016f5286cbae795"}, {"key": "description", "hash": "8ed1f667170a42030a97ce186be5bfa7"}, {"key": "href", "hash": "0c0027a14a19aba990afc5a5562cb4e6"}, {"key": "modified", "hash": "06d31ea75ce174bd6e8a2331e24a21c2"}, {"key": "naslFamily", "hash": "ba996e5e98af86fd5a9f58bf52eea4bb"}, {"key": "pluginID", "hash": "f593b9ead8801922f74f0a5329e31486"}, {"key": "published", "hash": "aef5ced60fca3cafe7600b4d5483190c"}, {"key": "references", "hash": "d6dd5a8e6781837b849efb4a99a529b7"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "6020a3014ff8b0dfefb8b14cb0d9c87e"}, {"key": "title", "hash": "be877c742fea0de5a9f803394c087d8b"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "952bfeae207dc765b0d0e40afc7646b42156cdb725cc46ec3c7798547a0b8433", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "vmware", "idList": ["VMSA-2008-0003"]}, {"type": "cve", "idList": ["CVE-2007-4965", "CVE-2007-6015", "CVE-2006-7228", "CVE-2007-2052", "CVE-2007-4308"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2007-1076.NASL", "CENTOS_RHSA-2007-1076.NASL", "SL_20071210_PYTHON_ON_SL4_X.NASL", "REDHAT-RHSA-2007-1076.NASL", "UBUNTU_USN-585-1.NASL", "REDHAT-RHSA-2007-1077.NASL", "DEBIAN_DSA-1551.NASL", "DEBIAN_DSA-1620.NASL", "GENTOO_GLSA-200711-07.NASL", "REDHAT-RHSA-2007-1117.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-1076"]}, {"type": "centos", "idList": ["CESA-2007:1076", "CESA-2007:1077-01"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310880338", "OPENVAS:1361412562310870180", "OPENVAS:880338", "OPENVAS:1361412562310880314", "OPENVAS:880314", "OPENVAS:870180", "OPENVAS:870189", "OPENVAS:1361412562310870189", "OPENVAS:1361412562310880319", "OPENVAS:840265"]}, {"type": "redhat", "idList": ["RHSA-2007:1076", "RHSA-2007:1077", "RHSA-2007:1117"]}, {"type": "ubuntu", "idList": ["USN-585-1", "USN-556-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1620-1:7CA52", "DEBIAN:DSA-1551-1:41B8A", "DEBIAN:DSA-1427-1:186C3"]}, {"type": "exploitdb", "idList": ["EDB-ID:30018", "EDB-ID:30592"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7604", "SECURITYVULNS:DOC:18620", "SECURITYVULNS:VULN:8440"]}, {"type": "gentoo", "idList": ["GLSA-200711-07", "GLSA-200712-10", "GLSA-200802-10"]}, {"type": "cert", "idList": ["VU:438395"]}, {"type": "seebug", "idList": ["SSV:2579", "SSV:3195"]}, {"type": "osvdb", "idList": ["OSVDB:35247", "OSVDB:40142"]}, {"type": "freebsd", "idList": ["FFCBD42D-A8C5-11DC-BEC2-02E0185F8D72"]}, {"type": "slackware", "idList": ["SSA-2007-344-01"]}, {"type": "samba", "idList": ["SAMBA:CVE-2007-6015"]}], "modified": "2019-02-21T01:12:12"}, "score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2008-0003. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40374);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4308\", \"CVE-2007-4965\", \"CVE-2007-6015\");\n script_bugtraq_id(23887, 25216, 25696, 26462, 26727, 26791);\n script_xref(name:\"VMSA\", value:\"2008-0003\");\n\n script_name(english:\"VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESX host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"I Updated ESX driver\n\n a. Updated aacraid driver\n\n This patch fixes a flaw in how the aacraid SCSI driver checked\n IOCTL command permissions. This flaw might allow a local user\n on the Service Console to cause a denial of service or gain\n privileges. Thanks to Adaptec for reporting this issue.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4308 to this issue.\n\nII Service Console package security updates\n\n a. Samba\n\n Alin Rad Pop of Secunia Research found a stack-based buffer overflow\n flaw in the way Samba authenticates remote users. A remote\n unauthenticated user could trigger this flaw to cause the Samba\n server to crash or to execute arbitrary code with the\n permissions of the Samba server.\n\n Note: This vulnerability can be exploited only if the attacker\n has access to the Service Console network. The Samba\n client is installed by default in the Service Console, but\n the Samba server is not.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-6015 to this issue.\n\n b. Python\n\n Chris Evans of the Google security research team discovered an\n integer overflow issue with the way Python's Perl-Compatible\n Regular Expression (PCRE) module handled certain regular\n expressions. If a Python application used the PCRE module to\n compile and execute untrusted regular expressions, it might be\n possible to cause the application to crash, or to execute\n arbitrary code with the privileges of the Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2006-7228 to this issue.\n\n Piotr Engelking discovered a flaw in Python's locale module\n where strings generated by the strxfrm() function were not\n properly NUL-terminated. This might result in disclosure of\n data stored in the memory of a Python application using the\n strxfrm() function.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-2052 to this issue.\n\n Slythers Bro reported multiple integer overflow flaws in\n Python's imageop module. These could allow an attacker to cause\n a Python application to crash, enter an infinite loop, or\n possibly execute arbitrary code with the privileges of the\n Python interpreter.\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-4965 to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2008/000012.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:2.5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.0.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esx:3.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2008-02-04\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESX 2.5.4\", patch:\"15\")) flag++;\n\nif (esx_check(ver:\"ESX 2.5.5\", patch:\"4\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003347\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003348\")) flag++;\nif (esx_check(ver:\"ESX 3.0.1\", patch:\"ESX-1003350\")) flag++;\n\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003359\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003360\")) flag++;\nif (esx_check(ver:\"ESX 3.0.2\", patch:\"ESX-1003362\")) flag++;\n\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802406-SG\",\n patch_updates : make_list(\"ESX350-200911212-UG\", \"ESX350-201002405-BG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802408-SG\",\n patch_updates : make_list(\"ESX350-201002402-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\nif (\n esx_check(\n ver : \"ESX 3.5.0\",\n patch : \"ESX350-200802415-SG\",\n patch_updates : make_list(\"ESX350-201008410-SG\", \"ESX350-201012408-SG\", \"ESX350-Update01\", \"ESX350-Update02\", \"ESX350-Update03\", \"ESX350-Update04\", \"ESX350-Update05\", \"ESX350-Update05a\")\n )\n) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "VMware ESX Local Security Checks", "pluginID": "40374", "cpe": ["cpe:/o:vmware:esx:3.0.2", "cpe:/o:vmware:esx:3.5", "cpe:/o:vmware:esx:2.5.4", "cpe:/o:vmware:esx:3.0.1", "cpe:/o:vmware:esx:2.5.5"], "scheme": null}

{"vmware": [{"lastseen": "2018-09-02T02:40:43", "bulletinFamily": "unix", "description": "I Updated ESX driver\n", "modified": "2008-04-15T00:00:00", "published": "2008-02-04T00:00:00", "id": "VMSA-2008-0003", "href": "https://www.vmware.com/security/advisories/VMSA-2008-0003.html", "title": "Updated aacraid driver and Samba and Python service console updates", "type": "vmware", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2018-10-16T10:51:37", "bulletinFamily": "NVD", "description": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.", "modified": "2018-10-15T17:39:00", "published": "2007-09-18T18:17:00", "id": "CVE-2007-4965", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4965", "title": "CVE-2007-4965", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:11:32", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the \"domain logons\" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.", "modified": "2018-10-30T12:25:11", "published": "2007-12-13T16:46:00", "id": "CVE-2007-6015", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6015", "title": "CVE-2007-6015", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T15:06:09", "bulletinFamily": "NVD", "description": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.", "modified": "2018-10-16T12:41:42", "published": "2007-04-16T18:19:00", "id": "CVE-2007-2052", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2052", "title": "CVE-2007-2052", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-18T15:05:39", "bulletinFamily": "NVD", "description": "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.", "modified": "2018-10-16T12:29:47", "published": "2007-11-14T16:46:00", "id": "CVE-2006-7228", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7228", "title": "CVE-2006-7228", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T10:51:37", "bulletinFamily": "NVD", "description": "The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.", "modified": "2018-10-15T17:34:20", "published": "2007-08-13T17:17:00", "id": "CVE-2007-4308", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4308", "title": "CVE-2007-4308", "type": "cve", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:19:15", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2007:1076 :\n\nUpdated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nAn integer overflow flaw was discovered in the way Python's pcre module handled certain regular expressions. If a Python application used the pcre module to compile and execute untrusted regular expressions, it may be possible to cause the application to crash, or allow arbitrary code execution with the privileges of the Python interpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This may possibly cause disclosure of data stored in the memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965)\n\nUsers of Python are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2007-1076.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67614", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : python (ELSA-2007-1076)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:1076 and \n# Oracle Linux Security Advisory ELSA-2007-1076 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67614);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(25696, 26462);\n script_xref(name:\"RHSA\", value:\"2007:1076\");\n\n script_name(english:\"Oracle Linux 3 / 4 : python (ELSA-2007-1076)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:1076 :\n\nUpdated python packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nAn integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. (CVE-2007-4965)\n\nUsers of Python are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-December/000441.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-December/000443.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"python-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"python-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"python-devel-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"python-devel-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"python-tools-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"python-tools-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"tkinter-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"tkinter-2.2.3-6.8\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"python-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"python-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"python-devel-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"python-devel-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"python-docs-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"python-docs-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"python-tools-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"python-tools-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"tkinter-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"tkinter-2.3.4-14.4.el4_6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:17:04", "bulletinFamily": "scanner", "description": "An integer overflow flaw was discovered in the way Python's pcre module handled certain regular expressions. If a Python application used the pcre module to compile and execute untrusted regular expressions, it may be possible to cause the application to crash, or allow arbitrary code execution with the privileges of the Python interpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This may possibly cause disclosure of data stored in the memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965)", "modified": "2019-01-07T00:00:00", "id": "SL_20071210_PYTHON_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60327", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : python on SL4.x, SL3.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60327);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/01/07 9:52:18\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n\n script_name(english:\"Scientific Linux Security Update : python on SL4.x, SL3.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. (CVE-2007-4965)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0712&L=scientific-linux-errata&T=0&P=1527\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f442abf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"python-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"python-devel-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"python-docs-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"python-tools-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"tkinter-2.2.3-6.8\")) flag++;\n\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"python-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"python-2.3.4-14.4.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"python-devel-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"python-devel-2.3.4-14.4.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"python-docs-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"python-docs-2.3.4-14.4.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"python-tools-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"python-tools-2.3.4-14.4.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"tkinter-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"tkinter-2.3.4-14.4.el4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:29", "bulletinFamily": "scanner", "description": "Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nAn integer overflow flaw was discovered in the way Python's pcre module handled certain regular expressions. If a Python application used the pcre module to compile and execute untrusted regular expressions, it may be possible to cause the application to crash, or allow arbitrary code execution with the privileges of the Python interpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This may possibly cause disclosure of data stored in the memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965)\n\nUsers of Python are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2007-1076.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29255", "published": "2007-12-11T00:00:00", "title": "CentOS 3 / 4 : python (CESA-2007:1076)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1076 and \n# CentOS Errata and Security Advisory 2007:1076 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29255);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(25696, 26462);\n script_xref(name:\"RHSA\", value:\"2007:1076\");\n\n script_name(english:\"CentOS 3 / 4 : python (CESA-2007:1076)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nAn integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. (CVE-2007-4965)\n\nUsers of Python are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014491.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5dd3561f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014493.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16e67ad6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014496.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?843fac9d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014497.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d2aaf882\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"python-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"python-devel-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"python-docs-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"python-tools-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"tkinter-2.2.3-6.8\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"python-2.3.4-14.4.c4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"python-devel-2.3.4-14.4.c4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"python-docs-2.3.4-14.4.c4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"python-tools-2.3.4-14.4.c4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"tkinter-2.3.4-14.4.c4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:29", "bulletinFamily": "scanner", "description": "Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nAn integer overflow flaw was discovered in the way Python's pcre module handled certain regular expressions. If a Python application used the pcre module to compile and execute untrusted regular expressions, it may be possible to cause the application to crash, or allow arbitrary code execution with the privileges of the Python interpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This may possibly cause disclosure of data stored in the memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965)\n\nUsers of Python are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "modified": "2018-11-16T00:00:00", "id": "REDHAT-RHSA-2007-1076.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29301", "published": "2007-12-11T00:00:00", "title": "RHEL 3 / 4 : python (RHSA-2007:1076)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1076. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29301);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(25696, 26462);\n script_xref(name:\"RHSA\", value:\"2007:1076\");\n\n script_name(english:\"RHEL 3 / 4 : python (RHSA-2007:1076)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nAn integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. (CVE-2007-4965)\n\nUsers of Python are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-7228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1076\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1076\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"python-2.2.3-6.8\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"python-devel-2.2.3-6.8\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"python-tools-2.2.3-6.8\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"tkinter-2.2.3-6.8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-2.3.4-14.4.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-devel-2.3.4-14.4.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-docs-2.3.4-14.4.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-tools-2.3.4-14.4.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"tkinter-2.3.4-14.4.el4_6.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:47", "bulletinFamily": "scanner", "description": "Piotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer. This could lead to small information leaks, which might be used by attackers to gain additional knowledge about the state of a running Python script.\n(CVE-2007-2052)\n\nA flaw was discovered in the Python imageop module. If a script using the module could be tricked into processing a specially crafted set of arguments, a remote attacker could execute arbitrary code, or cause the application to crash. (CVE-2007-4965).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-585-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=31461", "published": "2008-03-13T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : python2.4/2.5 vulnerabilities (USN-585-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-585-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31461);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(25696);\n script_xref(name:\"USN\", value:\"585-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : python2.4/2.5 vulnerabilities (USN-585-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Piotr Engelking discovered that strxfrm in Python was not correctly\ncalculating the size of the destination buffer. This could lead to\nsmall information leaks, which might be used by attackers to gain\nadditional knowledge about the state of a running Python script.\n(CVE-2007-2052)\n\nA flaw was discovered in the Python imageop module. If a script using\nthe module could be tricked into processing a specially crafted set of\narguments, a remote attacker could execute arbitrary code, or cause\nthe application to crash. (CVE-2007-4965).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/585-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"idle-python2.4\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dev\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-doc\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-examples\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-gdbm\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-tk\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"idle-python2.5\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-dbg\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-dev\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-doc\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-examples\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-minimal\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"idle-python2.5\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-dev\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-doc\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-examples\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"idle-python2.5\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-dev\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-doc\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-examples\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"idle-python2.4 / idle-python2.5 / python2.4 / python2.4-dbg / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:10:29", "bulletinFamily": "scanner", "description": "Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nAn integer overflow flaw was discovered in the way Python's pcre module handled certain regular expressions. If a Python application used the pcre module to compile and execute untrusted regular expressions, it may be possible to cause the application to crash, or allow arbitrary code execution with the privileges of the Python interpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function.\n(CVE-2007-2052)\n\nUsers of Python are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "modified": "2018-11-16T00:00:00", "id": "REDHAT-RHSA-2007-1077.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29302", "published": "2007-12-11T00:00:00", "title": "RHEL 2.1 : python (RHSA-2007:1077)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1077. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29302);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\");\n script_bugtraq_id(26462);\n script_xref(name:\"RHSA\", value:\"2007:1077\");\n\n script_name(english:\"RHEL 2.1 : python (RHSA-2007:1077)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nAn integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored\nin the memory of a Python application using this function.\n(CVE-2007-2052)\n\nUsers of Python are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-7228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1077\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1077\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"python-1.5.2-43.72.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"python-devel-1.5.2-43.72.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"python-docs-1.5.2-43.72.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"python-tools-1.5.2-43.72.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"tkinter-1.5.2-43.72.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:11:06", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-2052 Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure.\n\n - CVE-2007-4965 It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch.\n\n - CVE-2008-1721 Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code.\n\n - CVE-2008-1887 Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-1620.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33740", "published": "2008-07-28T00:00:00", "title": "Debian DSA-1620-1 : python2.5 - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1620. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33740);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\");\n script_bugtraq_id(25696, 28715, 28749);\n script_xref(name:\"DSA\", value:\"1620\");\n\n script_name(english:\"Debian DSA-1620-1 : python2.5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the interpreter for\nthe Python language. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-2052\n Piotr Engelking discovered that the strxfrm() function\n of the locale module miscalculates the length of an\n internal buffer, which may result in a minor information\n disclosure.\n\n - CVE-2007-4965\n It was discovered that several integer overflows in the\n imageop module may lead to the execution of arbitrary\n code, if a user is tricked into processing malformed\n images. This issue is also tracked as CVE-2008-1679 due\n to an initially incomplete patch.\n\n - CVE-2008-1721\n Justin Ferguson discovered that a buffer overflow in the\n zlib module may lead to the execution of arbitrary code.\n\n - CVE-2008-1887\n Justin Ferguson discovered that insufficient input\n validation in PyString_FromStringAndSize() may lead to\n the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1620\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the python2.5 packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.5-5+etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"idle-python2.5\", reference:\"2.5-5+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.5\", reference:\"2.5-5+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.5-dbg\", reference:\"2.5-5+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.5-dev\", reference:\"2.5-5+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.5-examples\", reference:\"2.5-5+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.5-minimal\", reference:\"2.5-5+etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:10:52", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-2052 Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure.\n\n - CVE-2007-4965 It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch.\n\n - CVE-2008-1721 Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code.\n\n - CVE-2008-1887 Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-1551.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=32006", "published": "2008-04-22T00:00:00", "title": "Debian DSA-1551-1 : python2.4 - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1551. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32006);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\");\n script_xref(name:\"DSA\", value:\"1551\");\n\n script_name(english:\"Debian DSA-1551-1 : python2.4 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the interpreter for\nthe Python language. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-2052\n Piotr Engelking discovered that the strxfrm() function\n of the locale module miscalculates the length of an\n internal buffer, which may result in a minor information\n disclosure.\n\n - CVE-2007-4965\n It was discovered that several integer overflows in the\n imageop module may lead to the execution of arbitrary\n code, if a user is tricked into processing malformed\n images. This issue is also tracked as CVE-2008-1679 due\n to an initially incomplete patch.\n\n - CVE-2008-1721\n Justin Ferguson discovered that a buffer overflow in the\n zlib module may lead to the execution of arbitrary code.\n\n - CVE-2008-1887\n Justin Ferguson discovered that insufficient input\n validation in PyString_FromStringAndSize() may lead to\n the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1551\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the python2.4 packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"idle-python2.4\", reference:\"2.4.4-3+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4\", reference:\"2.4.4-3+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-dbg\", reference:\"2.4.4-3+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-dev\", reference:\"2.4.4-3+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-examples\", reference:\"2.4.4-3+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-minimal\", reference:\"2.4.4-3+etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:24", "bulletinFamily": "scanner", "description": "This update of Samba fixes a buffer overflow in function send_mailslot() that allows to overwrite the stack with zero-bytes.\n(CVE-2007-6015)", "modified": "2012-04-23T00:00:00", "id": "SUSE9_12002.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41171", "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : Samba (YOU Patch Number 12002)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41171);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2012/04/23 18:14:42 $\");\n\n script_cve_id(\"CVE-2007-6015\");\n\n script_name(english:\"SuSE9 Security Update : Samba (YOU Patch Number 12002)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of Samba fixes a buffer overflow in function\nsend_mailslot() that allows to overwrite the stack with zero-bytes.\n(CVE-2007-6015)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-6015.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12002.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"libsmbclient-3.0.20b-3.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"libsmbclient-devel-3.0.20b-3.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-3.0.20b-3.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-client-3.0.20b-3.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-doc-3.0.20b-3.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-pdb-3.0.20b-3.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-python-3.0.20b-3.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-vscan-0.3.6b-0.26.5\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"samba-winbind-3.0.20b-3.26\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"libsmbclient-32bit-9-200712041731\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"samba-32bit-9-200712041731\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"samba-client-32bit-9-200712041731\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"samba-winbind-32bit-9-200712041731\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:10:18", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200711-07 (Python: User-assisted execution of arbitrary code)\n\n Slythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo() method, in various locations in files imageop.c, rbgimgmodule.c, and also in other files.\n Impact :\n\n A remote attacker could entice a user to process specially crafted images with an application using the Python imageop module, resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Note that this vulnerability may or may not be exploitable, depending on the application using the module.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-08-10T00:00:00", "id": "GENTOO_GLSA-200711-07.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27824", "published": "2007-11-08T00:00:00", "title": "GLSA-200711-07 : Python: User-assisted execution of arbitrary code", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200711-07.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27824);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/10 18:07:07\");\n\n script_cve_id(\"CVE-2007-4965\");\n script_xref(name:\"GLSA\", value:\"200711-07\");\n\n script_name(english:\"GLSA-200711-07 : Python: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200711-07\n(Python: User-assisted execution of arbitrary code)\n\n Slythers Bro discovered multiple integer overflows in the imageop\n module, one of them in the tovideo() method, in various locations in\n files imageop.c, rbgimgmodule.c, and also in other files.\n \nImpact :\n\n A remote attacker could entice a user to process specially crafted\n images with an application using the Python imageop module, resulting\n in the execution of arbitrary code with the privileges of the user\n running the application, or a Denial of Service. Note that this\n vulnerability may or may not be exploitable, depending on the\n application using the module.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200711-07\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Python 2.3.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.3.6-r3'\n All Python 2.4.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.4-r6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/python\", unaffected:make_list(\"rge 2.3.6-r3\", \"ge 2.4.4-r6\"), vulnerable:make_list(\"lt 2.4.4-r6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Python\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-04-09T11:40:15", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870180", "id": "OPENVAS:1361412562310870180", "title": "RedHat Update for python RHSA-2007:1076-02", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2007:1076-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated. This\n may possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Multiple integer overflow flaws were discovered in Python's imageop module.\n If an application written in Python used the imageop module to process\n untrusted images, it could cause the application to crash, enter an\n infinite loop, or possibly execute arbitrary code with the privileges of\n the Python interpreter. (CVE-2007-4965)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00007.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870180\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2007:1076-02\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"RedHat Update for python RHSA-2007:1076-02\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:25", "bulletinFamily": "scanner", "description": "Check for the Version of python-docs", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880314", "id": "OPENVAS:1361412562310880314", "type": "openvas", "title": "CentOS Update for python-docs CESA-2007:1076 centos3 x86_64", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python-docs CESA-2007:1076 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated. This\n may possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Multiple integer overflow flaws were discovered in Python's imageop module.\n If an application written in Python used the imageop module to process\n untrusted images, it could cause the application to crash, enter an\n infinite loop, or possibly execute arbitrary code with the privileges of\n the Python interpreter. (CVE-2007-4965)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python-docs on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014497.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880314\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1076\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"CentOS Update for python-docs CESA-2007:1076 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python-docs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:22", "bulletinFamily": "scanner", "description": "Check for the Version of python-docs", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880338", "id": "OPENVAS:880338", "title": "CentOS Update for python-docs CESA-2007:1076 centos3 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python-docs CESA-2007:1076 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated. This\n may possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Multiple integer overflow flaws were discovered in Python's imageop module.\n If an application written in Python used the imageop module to process\n untrusted images, it could cause the application to crash, enter an\n infinite loop, or possibly execute arbitrary code with the privileges of\n the Python interpreter. (CVE-2007-4965)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python-docs on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014496.html\");\n script_id(880338);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1076\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"CentOS Update for python-docs CESA-2007:1076 centos3 i386\");\n\n script_summary(\"Check for the Version of python-docs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:26", "bulletinFamily": "scanner", "description": "Check for the Version of python-docs", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880338", "id": "OPENVAS:1361412562310880338", "type": "openvas", "title": "CentOS Update for python-docs CESA-2007:1076 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python-docs CESA-2007:1076 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated. This\n may possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Multiple integer overflow flaws were discovered in Python's imageop module.\n If an application written in Python used the imageop module to process\n untrusted images, it could cause the application to crash, enter an\n infinite loop, or possibly execute arbitrary code with the privileges of\n the Python interpreter. (CVE-2007-4965)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python-docs on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014496.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880338\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1076\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"CentOS Update for python-docs CESA-2007:1076 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python-docs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:15", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870180", "id": "OPENVAS:870180", "title": "RedHat Update for python RHSA-2007:1076-02", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2007:1076-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated. This\n may possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Multiple integer overflow flaws were discovered in Python's imageop module.\n If an application written in Python used the imageop module to process\n untrusted images, it could cause the application to crash, enter an\n infinite loop, or possibly execute arbitrary code with the privileges of\n the Python interpreter. (CVE-2007-4965)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00007.html\");\n script_id(870180);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2007:1076-02\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"RedHat Update for python RHSA-2007:1076-02\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:21", "bulletinFamily": "scanner", "description": "Check for the Version of python-docs", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880314", "id": "OPENVAS:880314", "title": "CentOS Update for python-docs CESA-2007:1076 centos3 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python-docs CESA-2007:1076 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated. This\n may possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Multiple integer overflow flaws were discovered in Python's imageop module.\n If an application written in Python used the imageop module to process\n untrusted images, it could cause the application to crash, enter an\n infinite loop, or possibly execute arbitrary code with the privileges of\n the Python interpreter. (CVE-2007-4965)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python-docs on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014497.html\");\n script_id(880314);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1076\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"CentOS Update for python-docs CESA-2007:1076 centos3 x86_64\");\n\n script_summary(\"Check for the Version of python-docs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:59", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870189", "id": "OPENVAS:870189", "title": "RedHat Update for python RHSA-2007:1077-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2007:1077-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated, which\n could possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00004.html\");\n script_id(870189);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2007:1077-01\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\");\n script_name( \"RedHat Update for python RHSA-2007:1077-01\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:31", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870189", "id": "OPENVAS:1361412562310870189", "type": "openvas", "title": "RedHat Update for python RHSA-2007:1077-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2007:1077-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated, which\n could possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00004.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870189\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2007:1077-01\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\");\n script_name( \"RedHat Update for python RHSA-2007:1077-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:37", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880319", "id": "OPENVAS:1361412562310880319", "type": "openvas", "title": "CentOS Update for python CESA-2007:1077-01 centos2 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2007:1077-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated, which\n could possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014500.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880319\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1077-01\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\");\n script_name( \"CentOS Update for python CESA-2007:1077-01 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:29:08", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-585-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840265", "id": "OPENVAS:840265", "title": "Ubuntu Update for python2.4/2.5 vulnerabilities USN-585-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_585_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for python2.4/2.5 vulnerabilities USN-585-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Piotr Engelking discovered that strxfrm in Python was not correctly\n calculating the size of the destination buffer. This could lead to small\n information leaks, which might be used by attackers to gain additional\n knowledge about the state of a running Python script. (CVE-2007-2052)\n\n A flaw was discovered in the Python imageop module. If a script using\n the module could be tricked into processing a specially crafted set of\n arguments, a remote attacker could execute arbitrary code, or cause the\n application to crash. (CVE-2007-4965)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-585-1\";\ntag_affected = \"python2.4/2.5 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-585-1/\");\n script_id(840265);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"USN\", value: \"585-1\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"Ubuntu Update for python2.4/2.5 vulnerabilities USN-585-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-gdbm\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-tk\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:47:35", "bulletinFamily": "unix", "description": " [2.2.3-6.8]\n \n - Fix possible integer overflow in image ops\n - Fix off by one strxfrm malloc\n - Fix pypcre bugs\n - Resolves: 392031 ", "modified": "2007-12-10T00:00:00", "published": "2007-12-10T00:00:00", "id": "ELSA-2007-1076", "href": "http://linux.oracle.com/errata/ELSA-2007-1076.html", "title": "Moderate: python security update ", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-12T14:45:14", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:1076\n\n\nPython is an interpreted, interactive, object-oriented programming\r\nlanguage.\r\n\r\nAn integer overflow flaw was discovered in the way Python's pcre module\r\nhandled certain regular expressions. If a Python application used the pcre\r\nmodule to compile and execute untrusted regular expressions, it may be\r\npossible to cause the application to crash, or allow arbitrary code\r\nexecution with the privileges of the Python interpreter. (CVE-2006-7228)\r\n\r\nA flaw was discovered in the strxfrm() function of Python's locale module.\r\nStrings generated by this function were not properly NULL-terminated. This\r\nmay possibly cause disclosure of data stored in the memory of a Python\r\napplication using this function. (CVE-2007-2052)\r\n\r\nMultiple integer overflow flaws were discovered in Python's imageop module.\r\nIf an application written in Python used the imageop module to process\r\nuntrusted images, it could cause the application to crash, enter an\r\ninfinite loop, or possibly execute arbitrary code with the privileges of\r\nthe Python interpreter. (CVE-2007-4965)\r\n\r\nUsers of Python are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014491.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014493.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014496.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014497.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014505.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014506.html\n\n**Affected packages:**\npython\npython-devel\npython-docs\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-1076.html", "modified": "2007-12-11T09:58:15", "published": "2007-12-10T19:37:17", "href": "http://lists.centos.org/pipermail/centos-announce/2007-December/014491.html", "id": "CESA-2007:1076", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-25T01:00:32", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:1077-01\n\n\nPython is an interpreted, interactive, object-oriented programming\r\nlanguage.\r\n\r\nAn integer overflow flaw was discovered in the way Python's pcre module\r\nhandled certain regular expressions. If a Python application used the pcre\r\nmodule to compile and execute untrusted regular expressions, it may be\r\npossible to cause the application to crash, or allow arbitrary code\r\nexecution with the privileges of the Python interpreter. (CVE-2006-7228)\r\n\r\nA flaw was discovered in the strxfrm() function of Python's locale module.\r\nStrings generated by this function were not properly NULL-terminated, which\r\ncould possibly cause disclosure of data stored in the memory of a Python\r\napplication using this function. (CVE-2007-2052)\r\n\r\nUsers of Python are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014500.html\n\n**Affected packages:**\npython\npython-devel\npython-docs\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2007-12-11T01:22:44", "published": "2007-12-11T01:22:44", "href": "http://lists.centos.org/pipermail/centos-announce/2007-December/014500.html", "id": "CESA-2007:1077-01", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:42:10", "bulletinFamily": "unix", "description": "Python is an interpreted, interactive, object-oriented programming\r\nlanguage.\r\n\r\nAn integer overflow flaw was discovered in the way Python's pcre module\r\nhandled certain regular expressions. If a Python application used the pcre\r\nmodule to compile and execute untrusted regular expressions, it may be\r\npossible to cause the application to crash, or allow arbitrary code\r\nexecution with the privileges of the Python interpreter. (CVE-2006-7228)\r\n\r\nA flaw was discovered in the strxfrm() function of Python's locale module.\r\nStrings generated by this function were not properly NULL-terminated. This\r\nmay possibly cause disclosure of data stored in the memory of a Python\r\napplication using this function. (CVE-2007-2052)\r\n\r\nMultiple integer overflow flaws were discovered in Python's imageop module.\r\nIf an application written in Python used the imageop module to process\r\nuntrusted images, it could cause the application to crash, enter an\r\ninfinite loop, or possibly execute arbitrary code with the privileges of\r\nthe Python interpreter. (CVE-2007-4965)\r\n\r\nUsers of Python are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "modified": "2017-09-08T12:13:48", "published": "2007-12-10T05:00:00", "id": "RHSA-2007:1076", "href": "https://access.redhat.com/errata/RHSA-2007:1076", "type": "redhat", "title": "(RHSA-2007:1076) Moderate: python security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:45:11", "bulletinFamily": "unix", "description": "Python is an interpreted, interactive, object-oriented programming\r\nlanguage.\r\n\r\nAn integer overflow flaw was discovered in the way Python's pcre module\r\nhandled certain regular expressions. If a Python application used the pcre\r\nmodule to compile and execute untrusted regular expressions, it may be\r\npossible to cause the application to crash, or allow arbitrary code\r\nexecution with the privileges of the Python interpreter. (CVE-2006-7228)\r\n\r\nA flaw was discovered in the strxfrm() function of Python's locale module.\r\nStrings generated by this function were not properly NULL-terminated, which\r\ncould possibly cause disclosure of data stored in the memory of a Python\r\napplication using this function. (CVE-2007-2052)\r\n\r\nUsers of Python are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "modified": "2018-03-14T19:26:10", "published": "2007-12-10T05:00:00", "id": "RHSA-2007:1077", "href": "https://access.redhat.com/errata/RHSA-2007:1077", "type": "redhat", "title": "(RHSA-2007:1077) Moderate: python security update", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:44:45", "bulletinFamily": "unix", "description": "Samba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA stack buffer overflow flaw was found in the way Samba authenticates\r\nremote users. A remote unauthenticated user could trigger this flaw to\r\ncause the Samba server to crash, or execute arbitrary code with the\r\npermissions of the Samba server. (CVE-2007-6015)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\r\nresponsibly disclosing this issue.\r\n\r\nUsers of Samba are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve this issue.", "modified": "2017-09-08T11:55:26", "published": "2007-12-10T05:00:00", "id": "RHSA-2007:1117", "href": "https://access.redhat.com/errata/RHSA-2007:1117", "type": "redhat", "title": "(RHSA-2007:1117) Critical: samba security update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:12", "bulletinFamily": "unix", "description": "Piotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer. This could lead to small information leaks, which might be used by attackers to gain additional knowledge about the state of a running Python script. (CVE-2007-2052)\n\nA flaw was discovered in the Python imageop module. If a script using the module could be tricked into processing a specially crafted set of arguments, a remote attacker could execute arbitrary code, or cause the application to crash. (CVE-2007-4965)", "modified": "2008-03-11T00:00:00", "published": "2008-03-11T00:00:00", "id": "USN-585-1", "href": "https://usn.ubuntu.com/585-1/", "title": "Python vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:09:17", "bulletinFamily": "unix", "description": "Alin Rad Pop discovered that Samba did not correctly check the size of reply packets to mailslot requests. If a server was configured with domain logon enabled, an unauthenticated remote attacker could send a specially crafted domain logon packet and execute arbitrary code or crash the Samba service. By default, domain logon is disabled in Ubuntu.", "modified": "2007-12-18T00:00:00", "published": "2007-12-18T00:00:00", "id": "USN-556-1", "href": "https://usn.ubuntu.com/556-1/", "title": "Samba vulnerability", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:40", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1620-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 27, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : python2.5\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887\n\nSeveral vulnerabilities have been discovered in the interpreter for the\nPython language. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2007-2052\n\n Piotr Engelking discovered that the strxfrm() function of the locale\n module miscalculates the length of an internal buffer, which may\n result in a minor information disclosure.\n\nCVE-2007-4965\n\n It was discovered that several integer overflows in the imageop\n module may lead to the execution of arbitrary code, if a user is\n tricked into processing malformed images. This issue is also\n tracked as CVE-2008-1679 due to an initially incomplete patch.\n\nCVE-2008-1721\n \n Justin Ferguson discovered that a buffer overflow in the zlib\n module may lead to the execution of arbitrary code.\n\nCVE-2008-1887\n\n Justin Ferguson discovered that insufficient input validation in\n PyString_FromStringAndSize() may lead to the execution of arbitrary\n code.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.5-5+etch1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.5.2-3.\n\nWe recommend that you upgrade your python2.5 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1.dsc\n Size/MD5 checksum: 1304 1849941ac328ba0bccc45535c5878d4d\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.orig.tar.gz\n Size/MD5 checksum: 11010528 2ce301134620012ad6dafb27bbcab7eb\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1.diff.gz\n Size/MD5 checksum: 266589 dfbdc5caf7a95e68f68e0351228284d4\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-examples_2.5-5+etch1_all.deb\n Size/MD5 checksum: 643494 f922c5e48339e5b535a1f23f6e061700\n http://security.debian.org/pool/updates/main/p/python2.5/idle-python2.5_2.5-5+etch1_all.deb\n Size/MD5 checksum: 63258 4add97730079e7894abbbca4ba5659d4\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_alpha.deb\n Size/MD5 checksum: 849132 28c76f70110314eab90c8ea31d0da51e\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_alpha.deb\n Size/MD5 checksum: 2065734 270d593f08cdd06cbe55bdb804a5dc43\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_alpha.deb\n Size/MD5 checksum: 3596900 64d12cc349030683dc125901dff56feb\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_alpha.deb\n Size/MD5 checksum: 6079808 4105398688a96f54fb7e043a3bd536d7\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_amd64.deb\n Size/MD5 checksum: 6432058 b7e802bf4a19edfaddc28ebc06bed279\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_amd64.deb\n Size/MD5 checksum: 3589530 9bbd2cea36b04746fa5437d984147f99\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_amd64.deb\n Size/MD5 checksum: 1806598 98bfee87311a8950462a9ab78c7d5719\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_amd64.deb\n Size/MD5 checksum: 849650 a95eeb3b45a0a3f74e314084d581fbd6\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_arm.deb\n Size/MD5 checksum: 1656006 8e8d3d3b991f317384fc1646139712d4\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_arm.deb\n Size/MD5 checksum: 781358 fbb5adac7469048405b2585475393475\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_arm.deb\n Size/MD5 checksum: 3447404 4a10cad96ef0aefc9ba916a39677b826\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_arm.deb\n Size/MD5 checksum: 6017500 f727562323c21bfb371e17ef9691f8e3\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_hppa.deb\n Size/MD5 checksum: 1984570 b083e1afffe4a93dd79ae4b8a7dca474\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_hppa.deb\n Size/MD5 checksum: 3679122 cb5aa4f840a12ee13094089323f0b4f9\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_hppa.deb\n Size/MD5 checksum: 887774 9cc756ce52e5380650ea754c4104c6ca\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_hppa.deb\n Size/MD5 checksum: 6204820 65d3c59dcb56277d838b776f0b2d5176\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_i386.deb\n Size/MD5 checksum: 5989758 79d6a1ed26f230a5b092603346cd31e3\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_i386.deb\n Size/MD5 checksum: 1676014 5d7353787ab562d03bb967732cd7bf46\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_i386.deb\n Size/MD5 checksum: 3445750 4b7b6629d5ee48d8413bd2ee7289726c\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_i386.deb\n Size/MD5 checksum: 784320 f49d7ccf7cb106d200559169c4c013f2\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_ia64.deb\n Size/MD5 checksum: 1176036 fbc3971fbbcc8a37b2feec8570a4fa34\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_ia64.deb\n Size/MD5 checksum: 6966656 ca0fe43224b9f329afac2673379ad958\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_ia64.deb\n Size/MD5 checksum: 4037758 3be3cf7835a7e69b3189025edcdca799\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_ia64.deb\n Size/MD5 checksum: 2477104 a5cafad9926f58504c44f980d490d979\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_mips.deb\n Size/MD5 checksum: 819064 263a7a9496d171874461654ecc7db26f\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_mips.deb\n Size/MD5 checksum: 1907220 2175a2f625925e95be148d62f279c210\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_mips.deb\n Size/MD5 checksum: 3525088 a257c17981d12f9f0eb0a86fde85ca71\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_mips.deb\n Size/MD5 checksum: 6507214 8306549937264c9f1cf57288ae7e738b\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_mipsel.deb\n Size/MD5 checksum: 3456110 1a7675c9de9abd3671786d36d3ea263f\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_mipsel.deb\n Size/MD5 checksum: 817730 1a656308b4c158a6d0594f08132f8e16\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_mipsel.deb\n Size/MD5 checksum: 6336980 a01b93c916c6c658747effa637bbb58d\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_mipsel.deb\n Size/MD5 checksum: 1896534 b2b39e4d4e79b6afa13b24beccc5ab7c\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_powerpc.deb\n Size/MD5 checksum: 3590820 f419e6c0b439e8391ce118a22f66179e\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_powerpc.deb\n Size/MD5 checksum: 843170 ae9e553f9c5e278f42bb6bc2bef215aa\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_powerpc.deb\n Size/MD5 checksum: 6648508 512e75472dcb919d7987472f7ea1c57c\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_powerpc.deb\n Size/MD5 checksum: 1809928 1f43ae54d0b5836abbbfc59083d60bb4\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_s390.deb\n Size/MD5 checksum: 841474 9e0a8a5eaf9100fb03caa3ac77aa2d63\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_s390.deb\n Size/MD5 checksum: 1816794 a718f4d0c010ca9686068e0bbd8ec919\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_s390.deb\n Size/MD5 checksum: 6535426 4aa0738ecf30b99614440f134a2096fb\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_s390.deb\n Size/MD5 checksum: 3614770 6fdb0e38779312a7a66d57e373c38a38\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_sparc.deb\n Size/MD5 checksum: 1759842 5897eefdb79bfeb3cc470959e04dcb7c\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_sparc.deb\n Size/MD5 checksum: 5995652 13848fd47c5a9047172d246c12dee03e\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_sparc.deb\n Size/MD5 checksum: 3493896 d327f5fc4dbd282db977eade02c9b7eb\n http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_sparc.deb\n Size/MD5 checksum: 778284 bd2ad97592529526e7c08862baf28cdc\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2008-07-27T13:13:43", "published": "2008-07-27T13:13:43", "id": "DEBIAN:DSA-1620-1:7CA52", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00205.html", "title": "[SECURITY] [DSA 1620-1] New python2.5 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:13:27", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1551-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 19, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : python2.4\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887\n\nSeveral vulnerabilities have been discovered in the interpreter for the\nPython language. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2007-2052\n\n Piotr Engelking discovered that the strxfrm() function of the locale\n module miscalculates the length of an internal buffer, which may\n result in a minor information disclosure.\n\nCVE-2007-4965\n\n It was discovered that several integer overflows in the imageop\n module may lead to the execution of arbitrary code, if a user is\n tricked into processing malformed images. This issue is also\n tracked as CVE-2008-1679 due to an initially incomplete patch.\n\nCVE-2008-1721\n \n Justin Ferguson discovered that a buffer overflow in the zlib\n module may lead to the execution of arbitrary code.\n\nCVE-2008-1887\n\n Justin Ferguson discovered that insufficient input validation in\n PyString_FromStringAndSize() may lead to the execution of arbitrary\n code.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.5-2.\n\nWe recommend that you upgrade your python2.4 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1.diff.gz\n Size/MD5 checksum: 195434 8b86b3dc4c5a86a9ad8682fee56f30ca\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz\n Size/MD5 checksum: 9508940 f74ef9de91918f8927e75e8c3024263a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1.dsc\n Size/MD5 checksum: 1201 585773fd24634e05bb56b8cc85215c65\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch1_all.deb\n Size/MD5 checksum: 589642 63092c4cd1ea78c0993345be25a162b8\n http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch1_all.deb\n Size/MD5 checksum: 60864 21664a3f029087144046b6c175e88736\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_alpha.deb\n Size/MD5 checksum: 2968890 60a29f058a96e21d278a738fbb8067bf\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_alpha.deb\n Size/MD5 checksum: 1848176 ddb7c47970f277baa00e6c080e4530bd\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_alpha.deb\n Size/MD5 checksum: 5226532 5aa6daa859acdfdfcb7445586f4a0eb6\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_alpha.deb\n Size/MD5 checksum: 963606 38c08ee31ae6189631e503ad3d76fa87\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_amd64.deb\n Size/MD5 checksum: 2967058 6f06a90e94a6068b126413111185aff5\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_amd64.deb\n Size/MD5 checksum: 1635936 d5f98666609c652224b5552f5bb6b7a9\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_amd64.deb\n Size/MD5 checksum: 966196 7436b29b52acd99872d79b595f489ace\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_amd64.deb\n Size/MD5 checksum: 5587046 82444f4d11055f259d0899a0f8574b37\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_arm.deb\n Size/MD5 checksum: 2881272 408ac2b8cd6180975109364b26ae1c95\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_arm.deb\n Size/MD5 checksum: 901442 88d59caa6744da5c62a802124087d09c\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_arm.deb\n Size/MD5 checksum: 1500512 3113ad3590f5969703ce426a23ca67dd\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_arm.deb\n Size/MD5 checksum: 5351974 4f77de8e3dd9c12aa1e06a57cee82dac\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_hppa.deb\n Size/MD5 checksum: 3073066 1b4498c26a825c27c6d9765ed8a2e33e\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_hppa.deb\n Size/MD5 checksum: 5521834 68a5524fdb007cacc29a38865a43781d\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_hppa.deb\n Size/MD5 checksum: 1798220 6c9ce4754c024fbd1674a63c5ba0f06a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_hppa.deb\n Size/MD5 checksum: 1017646 b8dd6490a43da08aa36c43712c360ff8\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_i386.deb\n Size/MD5 checksum: 2849512 2598cb802b7f5e1aac6404b801a0a7f0\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_i386.deb\n Size/MD5 checksum: 1508782 b8ffe50ecf5dfe173765dc5b263b7737\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_i386.deb\n Size/MD5 checksum: 5176966 f6892dc5e598f1811bfc32ea81a863d6\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_i386.deb\n Size/MD5 checksum: 900670 7956a1cf96b4b59de2d9e4972e04fff2\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_ia64.deb\n Size/MD5 checksum: 3371938 88e170459b0762e1db775753f6d69bb5\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_ia64.deb\n Size/MD5 checksum: 2269496 2c1ef318f92b9d4b1c202ad77c8c4462\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_ia64.deb\n Size/MD5 checksum: 1289496 d6fba2d2ea64736cf614b0b3b1ced9bf\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_ia64.deb\n Size/MD5 checksum: 6059106 e1008e68d3d775590b2a29bd7bec7b6c\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_mips.deb\n Size/MD5 checksum: 2906992 e6e43c336e1095e3fe7f5985e500bf55\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_mips.deb\n Size/MD5 checksum: 1725610 a9e2b6b11b1d9185885a9f99ed2d03b8\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_mips.deb\n Size/MD5 checksum: 5646190 5c420d1aa984c190b121c8494c6fca5a\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_mips.deb\n Size/MD5 checksum: 956712 4949e953435f72cf9d06bb8684170175\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_mipsel.deb\n Size/MD5 checksum: 1717120 30986065ecf6810f46294c8ca196b538\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_mipsel.deb\n Size/MD5 checksum: 939320 89571b10c2635774f65921083344a911\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_mipsel.deb\n Size/MD5 checksum: 5507492 a06d9728ef16072ee50b3a1fcf7d08a8\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_mipsel.deb\n Size/MD5 checksum: 2863620 90b6a4b2c498acb4a46e205d36cf8ec9\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_powerpc.deb\n Size/MD5 checksum: 1639780 4b7c83795b6d07c3a4050d5db977c577\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_powerpc.deb\n Size/MD5 checksum: 5778968 7e97b8f62daf0f91e48bf6af20552b51\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_powerpc.deb\n Size/MD5 checksum: 2956174 8e55e492ee8aa6e4787e77b161a245e5\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_powerpc.deb\n Size/MD5 checksum: 978078 9212e583942704f71a07478baa4d6446\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_s390.deb\n Size/MD5 checksum: 973904 3cc580a21934a7f5fac203235386e250\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_s390.deb\n Size/MD5 checksum: 2976776 efb7a2dc81b69a45ead47986d3b8fce5\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_s390.deb\n Size/MD5 checksum: 1646932 146ee8341c514308b15ca151753b3ca8\n http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_s390.deb\n Size/MD5 checksum: 5667818 9b4543d9a0e5f51e8d9b790f6c3b43c8\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2008-04-19T16:45:23", "published": "2008-04-19T16:45:23", "id": "DEBIAN:DSA-1551-1:41B8A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00122.html", "title": "[SECURITY] [DSA 1551-1] New python2.4 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:12:59", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1427-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 10, 2007 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : samba\nVulnerability : buffer overflow\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2007-6015\n\nAlin Rad Pop discovered that Samba, a LanManager-like file and printer\nserver for Unix, is vulnerable to a buffer overflow in the nmbd code\nwhich handles GETDC mailslot requests, which might lead to the execution\nof arbitrary code.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 3.0.24-6etch9.\n\nFor the old stable distribution (sarge), this problem has been fixed in\nversion samba 3.0.14a-3sarge11. Packages for m68k will be provided\nlater.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your samba packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 3.1 (oldstable)\n- ----------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a.orig.tar.gz\n Size/MD5 checksum: 15605851 ebee37e66a8b5f6fd328967dc09088e8\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11.diff.gz\n Size/MD5 checksum: 242955 7b25827e3af56bd7cf8d7b87c467759f\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11.dsc\n Size/MD5 checksum: 1083 cbdc88bb8daa650b5862251e6bba3e02\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.14a-3sarge11_all.deb\n Size/MD5 checksum: 12117306 2f1fe646bb3eba5423b34574e1b5372e\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_alpha.deb\n Size/MD5 checksum: 459832 18eadcaea156add4cd25359218f5803c\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_alpha.deb\n Size/MD5 checksum: 2409792 edd434da13056e14d342e983158d8885\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_alpha.deb\n Size/MD5 checksum: 3129712 509390905878e9b03720719f16a965ad\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_alpha.deb\n Size/MD5 checksum: 4224276 188e6388e87ce974fd760dbf263ca6bf\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_alpha.deb\n Size/MD5 checksum: 3252894 d3af72e2d16b2b3f90824aa34b87bcaf\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_alpha.deb\n Size/MD5 checksum: 402528 28acaea72ee86418108ea04539d3fad3\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_alpha.deb\n Size/MD5 checksum: 660256 1c791022dd982058cf5647f592f6d784\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_alpha.deb\n Size/MD5 checksum: 1015896 460575f94a54c2bddb91e13ddba1a477\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_alpha.deb\n Size/MD5 checksum: 1825102 4d787e78dd6a04cc3b01bd8868672738\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_alpha.deb\n Size/MD5 checksum: 20270978 9c70ddf49ff13063cdb8cf15adb212af\n http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_alpha.deb\n Size/MD5 checksum: 5239044 981e4fbb6472422e8e704d3ea1da201e\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_amd64.deb\n Size/MD5 checksum: 1652116 307c1132abb8053442b37f068fb75733\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_amd64.deb\n Size/MD5 checksum: 381782 3b837625c44f18de4a95af2fd0d96246\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_amd64.deb\n Size/MD5 checksum: 796314 dc5a1b222462d4bfc956ec05a67562ed\n http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_amd64.deb\n Size/MD5 checksum: 5204348 6e32a3e453492fd2d98964d39846d176\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_amd64.deb\n Size/MD5 checksum: 2195286 cc1e4028fbcc0129280292c4c89b5821\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_amd64.deb\n Size/MD5 checksum: 6493030 6100e070066c6ec1f604f3db8012928f\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_amd64.deb\n Size/MD5 checksum: 2811020 0f0043aa383f3c7956a3cc41fffd811d\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_amd64.deb\n Size/MD5 checksum: 2868596 0a610eccb1aa1800cfbd3410ee200213\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_amd64.deb\n Size/MD5 checksum: 600276 fe4d08d853d192ae48b57410b878ae28\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_amd64.deb\n Size/MD5 checksum: 411254 480de07ba82f56768433b76389a4bf69\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_amd64.deb\n Size/MD5 checksum: 4123616 294c663073276fee442d7c7cace2d998\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_arm.deb\n Size/MD5 checksum: 2600104 da66772466a548352974dbcc5c4b461d\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_arm.deb\n Size/MD5 checksum: 2561480 df839fa9c60e0acef5c6f571995ca1e7\n http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_arm.deb\n Size/MD5 checksum: 4652724 9ceb41ec65f2414ae7801569260a9c2e\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_arm.deb\n Size/MD5 checksum: 1485228 285f53e8102e83fefde540383fdfdde7\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_arm.deb\n Size/MD5 checksum: 4079434 f314e841d489bc930ca7c01e82038496\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_arm.deb\n Size/MD5 checksum: 2010692 f300c19c4c41ea40c8e4fbff021940dd\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_arm.deb\n Size/MD5 checksum: 6666394 2db832dfbe04a723634e81fe85f0e7e8\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_arm.deb\n Size/MD5 checksum: 823866 d142facbf936f059ae388392d8e26ea6\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_arm.deb\n Size/MD5 checksum: 342504 dd84b5495d4309b76db94abe508c9c94\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_arm.deb\n Size/MD5 checksum: 376734 82ccbfe4f9a7f032b6881187e2f9f428\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_arm.deb\n Size/MD5 checksum: 545778 ef9b49d6dcd55504e8df82bf3cf4b707\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_hppa.deb\n Size/MD5 checksum: 4135500 51ce59c64831ffc05eff36a1824a3a3a\n http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_hppa.deb\n Size/MD5 checksum: 5553156 5527b9a89782fa666c7b376e915c7029\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_hppa.deb\n Size/MD5 checksum: 644300 cb19391332eeea2abc56f359717d7358\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_hppa.deb\n Size/MD5 checksum: 2867596 838c014ed5f335a004634ca66238ecb1\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_hppa.deb\n Size/MD5 checksum: 6470478 e7e64622179c586e43bf78b51cd2f106\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_hppa.deb\n Size/MD5 checksum: 404506 5efee9bd5c97717b28fe250c40c6db71\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_hppa.deb\n Size/MD5 checksum: 2918616 461d12288cbff9d3ff6f26c85436b022\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_hppa.deb\n Size/MD5 checksum: 1692058 6f3b56f915090a064012ea41309464af\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_hppa.deb\n Size/MD5 checksum: 895476 575ede94333e43bc3d8b02df9d1ad97c\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_hppa.deb\n Size/MD5 checksum: 2217084 94b89d7c677ef70932ffa7fdedb6784a\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_hppa.deb\n Size/MD5 checksum: 417738 03e45e57be520f6d84ce34cec0c881e1\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_i386.deb\n Size/MD5 checksum: 2567690 2d37f413f21ce57524162266e4f1bda8\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_i386.deb\n Size/MD5 checksum: 737810 8b2d19ea96db265fdfbdadff5ff0f43d\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_i386.deb\n Size/MD5 checksum: 2007724 e138aed22f3e1935cf26ed3fa8ff363d\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_i386.deb\n Size/MD5 checksum: 1484410 20a9e228852305f27072973f996ca45d\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_i386.deb\n Size/MD5 checksum: 4059518 7e56977ed50efb4350a834026bb28ab1\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_i386.deb\n Size/MD5 checksum: 549652 373a1832dcf4ec902a5b9ed52b507bf9\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_i386.deb\n Size/MD5 checksum: 347868 bd1c551f9ce616bc98e1d1d095c375e3\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_i386.deb\n Size/MD5 checksum: 2555648 9fe1c732f7453391239730e41d0a633b\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_i386.deb\n Size/MD5 checksum: 371296 e3a7b2af7ca91219861ab587d30c5ed2\n http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_i386.deb\n Size/MD5 checksum: 4745926 0b71a1cdad8975cf0a73b8075b305816\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_i386.deb\n Size/MD5 checksum: 6678980 26babded9415dc1bc88f801b0a57a77f\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_ia64.deb\n Size/MD5 checksum: 755196 2b826d80c89de9715b55af8c5e69629a\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_ia64.deb\n Size/MD5 checksum: 4363060 7bfc53665f2b537d32b1feae4863df18\n http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_ia64.deb\n Size/MD5 checksum: 6628996 bde63f1c629e5370f97f0ec1053920fa\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_ia64.deb\n Size/MD5 checksum: 473680 b9cb38dbee921ba103a06e9bc9d0682d\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_ia64.deb\n Size/MD5 checksum: 3819472 3045621f350b9c31b761be96ea096a84\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_ia64.deb\n Size/MD5 checksum: 2855986 7812e25645b2828a20e060ae7726901b\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_ia64.deb\n Size/MD5 checksum: 2213316 73d34936e9a8c047ce8416fbc0872178\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_ia64.deb\n Size/MD5 checksum: 548704 707113d347157c11dd6bdd920964504d\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_ia64.deb\n Size/MD5 checksum: 1035994 71a65fe7e3b89757f4b609387194b1a1\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_ia64.deb\n Size/MD5 checksum: 675158 209e3caf31987a6db66a797ea1700a46\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_ia64.deb\n Size/MD5 checksum: 3926704 7f0602c9af51f56901eff5b5f36ae002\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_mips.deb\n Size/MD5 checksum: 4105490 5dba14adff30047852d233eeaae397fc\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_mips.deb\n Size/MD5 checksum: 2780548 548b2ece1a1c2281c14265fb1330293f\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_mips.deb\n Size/MD5 checksum: 2158404 9af523509539bbac2981a9eb2f924a59\n http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_mips.deb\n Size/MD5 checksum: 4670402 da6a880410f446a6c4583d8e47594713\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_mips.deb\n Size/MD5 checksum: 6762840 9955464d5c7742e1ffc2c0f42336d728\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_mips.deb\n Size/MD5 checksum: 1607022 616831ff3af35f3ae92fca547e94f2e4\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_mips.deb\n Size/MD5 checksum: 556732 a77a1c759b7ac778122f4377744600b6\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_mips.deb\n Size/MD5 checksum: 822220 49926fdb9e5d6c4ffb4bca6ec0b068c1\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_mips.deb\n Size/MD5 checksum: 2825192 39ac997edc00060353801846e697f98f\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_mips.deb\n Size/MD5 checksum: 357140 711cf983ef422f47cd4dd495cd040f4e\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_mips.deb\n Size/MD5 checksum: 412916 4a0d4ea9f9dac4507fdbd87e5b5ce373\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_mipsel.deb\n Size/MD5 checksum: 356160 720fa5f681bef2423393d2ed11621eba\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_mipsel.deb\n Size/MD5 checksum: 411728 5ab171d7ab61984dc18fd29df254b7d1\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_mipsel.deb\n Size/MD5 checksum: 2820930 2f2919d1b0ca01eefe76637fb0a73d4f\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_mipsel.deb\n Size/MD5 checksum: 1603696 964ab4ae175f7d007054368a4ffbaa32\n http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_mipsel.deb\n Size/MD5 checksum: 4656652 a9386710d51c6fb3a40593d01cb24372\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_mipsel.deb\n Size/MD5 checksum: 2154860 764da0f8aedeb2f743a97721db14906e\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_mipsel.deb\n Size/MD5 checksum: 4103654 2737fb30022d474bcb576be94c2c7a73\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_mipsel.deb\n Size/MD5 checksum: 813892 ed4c4797e21c9fc8874c56ba7e5e6344\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_mipsel.deb\n Size/MD5 checksum: 6578340 9277b6780dc032ff05668367a53ba8e8\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_mipsel.deb\n Size/MD5 checksum: 554476 6220dcd79a6368df55b09793a31f8d7b\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_mipsel.deb\n Size/MD5 checksum: 2781494 5fae06e38fddca97bcbcec5131c25778\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_powerpc.deb\n Size/MD5 checksum: 2157202 f98bf8c6ee40c28f4fc0ef9d646c4c32\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_powerpc.deb\n Size/MD5 checksum: 4113504 b6a1c090c690461d2322ec9dec15a9c8\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_powerpc.deb\n Size/MD5 checksum: 407414 69183ba04b2e99f6a4166f01fc15f068\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_powerpc.deb\n Size/MD5 checksum: 1614926 2d6613841622eeb033e973dddbadf121\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_powerpc.deb\n Size/MD5 checksum: 368916 bb4b861a0a8f4b91998943f1593886ab\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_powerpc.deb\n Size/MD5 checksum: 2828338 35c001d0a88c558133c44a3b383f393c\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_powerpc.deb\n Size/MD5 checksum: 2776094 984874f26338fc3fc4cede57c0082d1b\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_powerpc.deb\n Size/MD5 checksum: 592180 428e8ae37e6c23a317f29e2ec6c2c23c\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_powerpc.deb\n Size/MD5 checksum: 6866558 9044191a6674af3b27b2faf6e3f543fb\n http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_powerpc.deb\n Size/MD5 checksum: 5015022 342ab2c996ffb6df2d22b97292dcfe04\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_powerpc.deb\n Size/MD5 checksum: 737768 3e4e9c184995fd7cec8a2f04fb188ac7\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_s390.deb\n Size/MD5 checksum: 2777650 5ff72beaba7ea4056989e2bf29b3a73b\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_s390.deb\n Size/MD5 checksum: 2125110 28d5443993503bddf5355f0bf0d54cb3\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_s390.deb\n Size/MD5 checksum: 386500 825ed15d9cd818b8351649eab44eb6fd\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_s390.deb\n Size/MD5 checksum: 2727156 1d154f0e68deb97b6787f409cb0e5130\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_s390.deb\n Size/MD5 checksum: 4093734 e67dee2aaea64934dc512169539a62ff\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_s390.deb\n Size/MD5 checksum: 604822 9414f2fb7d3a6e259cbcd160bc846155\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_s390.deb\n Size/MD5 checksum: 6842308 d55efc02303816e8e34826a419b76c14\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_s390.deb\n Size/MD5 checksum: 797640 fd87addb4b9dbe0647d3c0d11b3cf5c3\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_s390.deb\n Size/MD5 checksum: 1615246 475278cbea007f6d68503bba29d9a03e\n http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_s390.deb\n Size/MD5 checksum: 5289518 cafa7db4d220e4d655d39fe707db52c1\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_s390.deb\n Size/MD5 checksum: 405324 1149fc501bd4c2eededebd426b30637a\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_sparc.deb\n Size/MD5 checksum: 2524052 0f3f0ef43406653c68279e6fd94a77fe\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_sparc.deb\n Size/MD5 checksum: 796608 d07423f193f8b684bc15894341233221\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_sparc.deb\n Size/MD5 checksum: 561940 00c1ab5f14d2933eee452212f7ff0ef0\n http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_sparc.deb\n Size/MD5 checksum: 4865106 6dac400a3966a8f3fe828e689223cac3\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_sparc.deb\n Size/MD5 checksum: 2544020 cc6075496e0e9a91091fe8fb438bb8bc\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_sparc.deb\n Size/MD5 checksum: 4050558 6b4f64f98e49736e4cd86280137f9026\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_sparc.deb\n Size/MD5 checksum: 1478542 66bbfda38308cab08bb85363eea9189a\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_sparc.deb\n Size/MD5 checksum: 6349274 c46d508b3c3d51b6ff1ac3864408e7d7\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_sparc.deb\n Size/MD5 checksum: 356542 70840fcb26730189200cbae1d7684a00\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_sparc.deb\n Size/MD5 checksum: 1980596 0372d7f50b7ddf424a33d01ff448dbf2\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_sparc.deb\n Size/MD5 checksum: 372560 84d6691d78967b11b159d0d056c15d5b\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9.dsc\n Size/MD5 checksum: 1425 0093085662e0431fad209440929f145b\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9.diff.gz\n Size/MD5 checksum: 218800 b21ae72e4de1d9a02ed6affa82cea383\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24.orig.tar.gz\n Size/MD5 checksum: 17708128 89273f67a6d8067cbbecefaa13747153\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.24-6etch9_all.deb\n Size/MD5 checksum: 6913620 7281e96f478d4dee7aacd195724b32af\n http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.0.24-6etch9_all.deb\n Size/MD5 checksum: 6599286 d947809c161a47780e01b6f41bbc08bd\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_alpha.deb\n Size/MD5 checksum: 6706710 44daf2f82f0105f6e085fd0d185e6a29\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_alpha.deb\n Size/MD5 checksum: 483238 06dc43202c39399be44f57e469f29fdc\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_alpha.deb\n Size/MD5 checksum: 521602 19cee70d0bb4dd7cac4f6505c27a3dbd\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_alpha.deb\n Size/MD5 checksum: 114312 6817844a1e715a5a6704805b83d2604d\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_alpha.deb\n Size/MD5 checksum: 4846030 f9c65c650d91f743861801adfdde8172\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_alpha.deb\n Size/MD5 checksum: 879810 4c1625c898a4190edaed59e805835dcb\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_alpha.deb\n Size/MD5 checksum: 956526 a5e5b90bd97a541bf0a79cfe6cf0c205\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_alpha.deb\n Size/MD5 checksum: 2286680 86d6bc601ee9b049a0898f81dd08319a\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_alpha.deb\n Size/MD5 checksum: 12299634 3d5613fbdc98b1076960c97a57a2a042\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_alpha.deb\n Size/MD5 checksum: 4002390 96251678517c656509c90c8ce5507259\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_alpha.deb\n Size/MD5 checksum: 2842028 77317d04a988c264d1b8b362841e03d2\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_amd64.deb\n Size/MD5 checksum: 3602676 2bcdb691aeb76d348bf3e4bfc4c11630\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_amd64.deb\n Size/MD5 checksum: 462290 5f5649da68bbb866e60f3aa7695752c0\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_amd64.deb\n Size/MD5 checksum: 2075220 c478fcb949aee48111adedb4f5f12ddf\n http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_amd64.deb\n Size/MD5 checksum: 6255272 220b568b8142ea20dee4fb79c212407d\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_amd64.deb\n Size/MD5 checksum: 457204 e21c3185439ed831ba34d630b5fe42eb\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_amd64.deb\n Size/MD5 checksum: 831842 c206908eea659d41d52f4e4ef253fe8a\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_amd64.deb\n Size/MD5 checksum: 866968 0cf3ce1eb5b9903fcfc1037c49b12b12\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_amd64.deb\n Size/MD5 checksum: 112616 af04b23aacfb651f71805e41f63761c1\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_amd64.deb\n Size/MD5 checksum: 12192064 ceff1393ff50f07f88bd20bfa4817a81\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_amd64.deb\n Size/MD5 checksum: 2597212 74be4465277d7a118c027b80f74ff2cd\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_amd64.deb\n Size/MD5 checksum: 4313998 dcadc145a61ce7d4e238a5f3d670d156\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_arm.deb\n Size/MD5 checksum: 1871246 cda0afc2f6b8953fa1c97936c0c0bb31\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_arm.deb\n Size/MD5 checksum: 3283072 84a8361adad65e50bf314eba994f70f7\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_arm.deb\n Size/MD5 checksum: 2379442 5cac052e1086eb894d16126d595f93d6\n http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_arm.deb\n Size/MD5 checksum: 5591506 376e0b60d06171956b9c84ca4918119c\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_arm.deb\n Size/MD5 checksum: 3911122 a521f28fe81c96d32b8d6ddef0240dbd\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_arm.deb\n Size/MD5 checksum: 418620 ab96e5c7e7f1effe64bd7cb144f44d15\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_arm.deb\n Size/MD5 checksum: 114038 44042c028e3ae73dc8bce8b2d8002e52\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_arm.deb\n Size/MD5 checksum: 758848 fe4ffef304c92a991e691d52f7b6102a\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_arm.deb\n Size/MD5 checksum: 796008 1d4fbeca5746bed764b9b85449fb93dd\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_arm.deb\n Size/MD5 checksum: 419152 5bcf358baff0cb6eb64e4f6e71f48049\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_arm.deb\n Size/MD5 checksum: 11573858 1101b0b502b1ce6606a2dff7024c63c9\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_hppa.deb\n Size/MD5 checksum: 484810 419523b1c6d72eddb9cb9d15e0d3ad64\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_hppa.deb\n Size/MD5 checksum: 2648574 d2846df02bdb2e4de54b104e4498c8ef\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_hppa.deb\n Size/MD5 checksum: 3698642 a9e448373ea322037ce042386fc2a73f\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_hppa.deb\n Size/MD5 checksum: 471132 08608870878f249f9b0b5c0e10aac86a\n http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_hppa.deb\n Size/MD5 checksum: 6561834 4fbf46e756450fc32d2d97c50cf073c7\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_hppa.deb\n Size/MD5 checksum: 11911298 ea68d175db3cf18f796e17f938a55d13\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_hppa.deb\n Size/MD5 checksum: 4429736 72e53acfeecbd162b29f335dfb5a3171\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_hppa.deb\n Size/MD5 checksum: 886602 4094df54f152b8146e998d65617d0eb9\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_hppa.deb\n Size/MD5 checksum: 877898 558c28570a2d8d25cdad86d925799fc4\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_hppa.deb\n Size/MD5 checksum: 112604 db9e4fb29cf80f9d8aff5e643f652e38\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_hppa.deb\n Size/MD5 checksum: 2135944 b5c2e030e03d67accf3802e92f8a8618\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_i386.deb\n Size/MD5 checksum: 112360 493a87dbec63d053c6f7a6e28f54f249\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_i386.deb\n Size/MD5 checksum: 758222 9e2af954a8e3869685044d38e72b466a\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_i386.deb\n Size/MD5 checksum: 3880926 bdf66112b011b11ea3852dc028121173\n http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_i386.deb\n Size/MD5 checksum: 5661708 7c7291dbbb6bda716eac916e14e658ab\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_i386.deb\n Size/MD5 checksum: 11885918 ff200548f9257f601c6959f64d429df8\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_i386.deb\n Size/MD5 checksum: 413164 2d59203c2d3d1c5261dcbb27d3a90b84\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_i386.deb\n Size/MD5 checksum: 419128 b85d9e3960e6b109261ac09c1cde5c51\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_i386.deb\n Size/MD5 checksum: 1866212 b60aa2de6f2ed451fb512b73a95bb953\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_i386.deb\n Size/MD5 checksum: 2381388 7591982d4cd3c6ef8b10b38de498521b\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_i386.deb\n Size/MD5 checksum: 793744 fc4f8b45274b027772ec4718d07c7821\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_i386.deb\n Size/MD5 checksum: 3261932 69d75d61ae2961f3b7cccf0f9342a5b8\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_ia64.deb\n Size/MD5 checksum: 3478010 8303a5be7250e89a004aabed11cb9f01\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_ia64.deb\n Size/MD5 checksum: 5043732 c4918b33d18543d85a65924bcbadb7cf\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_ia64.deb\n Size/MD5 checksum: 592338 234ef7c28ac27513bae92b4b3ef22ebc\n http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_ia64.deb\n Size/MD5 checksum: 8091412 eed61c0562f6cd4ea5f8812626f6404b\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_ia64.deb\n Size/MD5 checksum: 112608 d7b25108389feb09da85748a6f90e565\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_ia64.deb\n Size/MD5 checksum: 11172514 54c65fca36e272ddc4a5c8d337dbc63d\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_ia64.deb\n Size/MD5 checksum: 1068986 006b5589b0884d8d90ef805c930a6fbb\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_ia64.deb\n Size/MD5 checksum: 1181972 8d4a5c7b35123cf1e550bbeeac9de313\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_ia64.deb\n Size/MD5 checksum: 6081504 0ba865a0de9d05ffa16d6cd62334b992\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_ia64.deb\n Size/MD5 checksum: 2884512 623876b890e24c5bbe91dc24b030ecf9\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_ia64.deb\n Size/MD5 checksum: 627824 f68a8f7bb6c6f6853f61be6d82480ef1\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_mips.deb\n Size/MD5 checksum: 2001522 4d4103ab3551534c1969100f03eb7833\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_mips.deb\n Size/MD5 checksum: 3543852 4a49e368a5ac9de6fce1913f16f8a49f\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_mips.deb\n Size/MD5 checksum: 4176322 6e4b2db0c87ac321bd86cfcc502f1dd3\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_mips.deb\n Size/MD5 checksum: 12720546 6f2fd644f61664b69259094db9e5c3aa\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_mips.deb\n Size/MD5 checksum: 433292 cac932c4631af8d781b5b89c9e7cdecc\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_mips.deb\n Size/MD5 checksum: 2528470 dba89d1b33a65e108b1293f90014ce52\n http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_mips.deb\n Size/MD5 checksum: 5491706 bec8842a1eff351d30031fba25493160\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_mips.deb\n Size/MD5 checksum: 454788 006ec3fcdbaee57f6676ef36ff34983b\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_mips.deb\n Size/MD5 checksum: 833196 14da93ba752a6e98fd9f132f96a8e948\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_mips.deb\n Size/MD5 checksum: 112608 997298089ae08aac522bee51e5080621\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_mips.deb\n Size/MD5 checksum: 754220 99e1f04bce65015e63bcf1f3686d64dd\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_mipsel.deb\n Size/MD5 checksum: 834378 82fbe9e138939a745b0f31cb254b8909\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_mipsel.deb\n Size/MD5 checksum: 454740 df30c366ccd918338bb8eb6863961750\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_mipsel.deb\n Size/MD5 checksum: 2002960 1d54f63bd03c209e0d85ae8c07ca235c\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_mipsel.deb\n Size/MD5 checksum: 2528432 399b82874e2f93c56f62f48883b10237\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_mipsel.deb\n Size/MD5 checksum: 3549616 88302a4a4d45a75b5fda5a93c5c46443\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_mipsel.deb\n Size/MD5 checksum: 12367364 ec1a325abcb409ee792afe4adb8b7b6e\n http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_mipsel.deb\n Size/MD5 checksum: 5484928 45c2475dae16693949c64390a2373255\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_mipsel.deb\n Size/MD5 checksum: 112608 c65cc47d1de7b109ede96853e4d7e086\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_mipsel.deb\n Size/MD5 checksum: 4173938 02c64eb7416761926e6ff6806852030c\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_mipsel.deb\n Size/MD5 checksum: 754854 7ac4ef7a607ba6e2e93ec1b727f4bfdd\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_mipsel.deb\n Size/MD5 checksum: 432772 2c5b99d39241029a2e0e0c8b9e1841ac\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_powerpc.deb\n Size/MD5 checksum: 2548436 432c498edebe432d9c14eb15b351892b\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_powerpc.deb\n Size/MD5 checksum: 457200 1f8116b87cc1b1a6014adc9998000bf7\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_powerpc.deb\n Size/MD5 checksum: 112604 2af6cd7c0541599137435a656a730345\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_powerpc.deb\n Size/MD5 checksum: 851018 8fa3280da1f1003f1cf8102155cade99\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_powerpc.deb\n Size/MD5 checksum: 450346 c24d82f49e29cd4ad8730ea36935f61c\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_powerpc.deb\n Size/MD5 checksum: 4230328 01fa7ad33be55253d803123ab931ec4e\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_powerpc.deb\n Size/MD5 checksum: 3553148 cd4466808f0b2cc2421d298a1cea0794\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_powerpc.deb\n Size/MD5 checksum: 816360 522ef06615f4d40b23e3372d7c40bc43\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_powerpc.deb\n Size/MD5 checksum: 12442488 6ae700dcbaed48de08027460cd0a911f\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_powerpc.deb\n Size/MD5 checksum: 2029172 57566ca6b15baefd73712e8d620bdc13\n http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_powerpc.deb\n Size/MD5 checksum: 6019570 4cebaee8623525ec0be1f2484a7113ad\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_s390.deb\n Size/MD5 checksum: 459484 98a8b4b8ef2d22cced579673f42566a2\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_s390.deb\n Size/MD5 checksum: 112606 552e51d39f4c6bd94da662ba517483da\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_s390.deb\n Size/MD5 checksum: 2558162 4ad677306efa8ac256ee24b0413fbb8d\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_s390.deb\n Size/MD5 checksum: 844370 fa1bea5e9512d2ef0869355c0eca1319\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_s390.deb\n Size/MD5 checksum: 12288814 ebf436458c693aaa71d2877d2d7aaee8\n http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_s390.deb\n Size/MD5 checksum: 6377802 be24ca10954d0469f5c7a7b79e141eac\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_s390.deb\n Size/MD5 checksum: 477610 d0c414a69888cf9ced2fe309157e2b47\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_s390.deb\n Size/MD5 checksum: 4235848 cd56f667ddfba12617b77575f8f704cf\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_s390.deb\n Size/MD5 checksum: 839346 042523f6a10b0114af94f7ba37ce88eb\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_s390.deb\n Size/MD5 checksum: 2063910 c1914b9c13f83de66c439448172076fd\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_s390.deb\n Size/MD5 checksum: 3565128 1d852ce7175df15bd29a4cdff1ce9a79\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_sparc.deb\n Size/MD5 checksum: 1821586 baba1d6c3a4f1ea8667439da75bab304\n http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_sparc.deb\n Size/MD5 checksum: 3746128 4cad2318e73f692f51b8ee6ce5f789cb\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_sparc.deb\n Size/MD5 checksum: 758932 6f53366f9d1761ccdc3e0cef71768c1f\n http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_sparc.deb\n Size/MD5 checksum: 764464 3354d2d25566866a02aca360818abe0c\n http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_sparc.deb\n Size/MD5 checksum: 3180092 c79d1c55b1d69db53b1dab392877062b\n http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_sparc.deb\n Size/MD5 checksum: 409672 94a9bd4a82ab721d9ac9e05c806050af\n http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_sparc.deb\n Size/MD5 checksum: 2306270 73421d55f9c4d95c2e8c5f8ee16058e2\n http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_sparc.deb\n Size/MD5 checksum: 10772248 adb32fd79889b9254f8b3153d3bf26ba\n http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_sparc.deb\n Size/MD5 checksum: 422670 9c4e595d0781922f93f8b279bec1247b\n http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_sparc.deb\n Size/MD5 checksum: 5676212 da9436c5d7a7dc29107db5157bbb0f0e\n http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_sparc.deb\n Size/MD5 checksum: 112602 895f46a86e782f1bd96fb5e8634a9c6d\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2007-12-10T00:00:00", "published": "2007-12-10T00:00:00", "id": "DEBIAN:DSA-1427-1:186C3", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00208.html", "title": "[SECURITY] [DSA 1427-1] New samba packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "description": "strxfrm function leaks memory content.", "modified": "2007-04-19T00:00:00", "published": "2007-04-19T00:00:00", "id": "SECURITYVULNS:VULN:7604", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7604", "title": "Python information leak", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:24", "bulletinFamily": "software", "description": "====================================================================== \r\n\r\n Secunia Research 10/12/2007\r\n\r\n - Samba &quot;send_mailslot&#40;&#41;&quot; Buffer Overflow Vulnerability -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor&#39;s Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1&#41; Affected Software \r\n\r\n* Samba 3.0.27a\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2&#41; Severity \r\n\r\nRating: Moderately critical \r\nImpact: System access\r\nWhere: Local network\r\n\r\n====================================================================== \r\n3&#41; Vendor&#39;s Description of Software \r\n\r\n&quot;Samba is an Open Source/Free Software suite that has, since 1992,\r\nprovided file and print services to all manner of SMB/CIFS clients,\r\nincluding the numerous versions of Microsoft Windows operating systems.\r\nSamba is freely available under the GNU General Public License.&quot;\r\n\r\nProduct Link:\r\nhttp://www.samba.org/\r\n\r\n====================================================================== \r\n4&#41; Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in Samba, which can be \r\nexploited by malicious people to compromise a vulnerable system.\r\n\r\nThe vulnerability is caused due to a boundary error within the\r\n&quot;send_mailslot&#40;&#41;&quot; function. This can be exploited to cause a\r\nstack-based buffer overflow with zero bytes via a specially crafted\r\n&quot;SAMLOGON&quot; domain logon packet containing a username string placed at\r\nan odd offset followed by an overly long GETDC string.\r\n\r\nSuccessful exploitation allows execution of arbitrary code, but\r\nrequires that the &quot;domain logons&quot; option is enabled.\r\n\r\n====================================================================== \r\n5&#41; Solution \r\n\r\nA fix should be released later today.\r\n\r\n====================================================================== \r\n6&#41; Time Table \r\n\r\n22/11/2007 - Vendor notified.\r\n22/11/2007 - vendor-sec notified.\r\n23/11/2007 - Vendor response.\r\n10/12/2007 - Public disclosure.\r\n\r\n====================================================================== \r\n7&#41; Credits \r\n\r\nDiscovered by Alin Rad Pop, Secunia Research.\r\n\r\n====================================================================== \r\n8&#41; References\r\n\r\nThe Common Vulnerabilities and Exposures &#40;CVE&#41; project has assigned \r\nCVE-2007-6015 for the vulnerability.\r\n\r\n====================================================================== \r\n9&#41; About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://corporate.secunia.com/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://corporate.secunia.com/secunia_research/33/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/secunia_vacancies/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/secunia_security_advisories/ \r\n\r\n====================================================================== \r\n10&#41; Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2007-99/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "modified": "2007-12-12T00:00:00", "published": "2007-12-12T00:00:00", "id": "SECURITYVULNS:DOC:18620", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18620", "title": "Secunia Research: Samba &quot;send_mailslot&#40;&#41;&quot; Buffer Overflow Vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:27", "bulletinFamily": "software", "description": "Buffer overflow in send_mailslot&#40;&#41; on parsing domain logon request.", "modified": "2007-12-16T00:00:00", "published": "2007-12-16T00:00:00", "id": "SECURITYVULNS:VULN:8440", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8440", "title": "Samba buffer overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:24", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n==========================================================\r\n==\r\n== Subject: Boundary failure in GETDC mailslot\r\n== processing can result in a buffer overrun\r\n==\r\n== CVE ID#: CVE-2007-6015\r\n==\r\n== Versions: Samba 3.0.0 - 3.0.27a &#40;inclusive&#41;\r\n==\r\n== Summary: Specifically crafted GETDC mailslot requests\r\n== can trigger a boundary error in the domain\r\n== controller GETDC mail slot support which\r\n== can be remotely exploited to execute arbitrary\r\n== code.\r\n==\r\n==========================================================\r\n\r\n===========\r\nDescription\r\n===========\r\n\r\nSecunia Research reported a vulnerability that allows for\r\nthe execution of arbitrary code in nmbd. This defect is\r\nonly be exploited when the &quot;domain logons&quot; parameter has\r\nbeen enabled in smb.conf.\r\n\r\n\r\n==================\r\nPatch Availability\r\n==================\r\n\r\nA patch addressing this defect has been posted to\r\n\r\n http://www.samba.org/samba/security/\r\n\r\nAdditionally, Samba 3.0.28 has been issued as a security\r\nrelease to correct the defect.\r\n\r\n\r\n==========\r\nWorkaround\r\n==========\r\n\r\nSamba administrators may avoid this security issue by disabling\r\nboth the &quot;domain logons&quot; options in the server&#39;s smb.conf file.\r\nNote that this will disable all domain controller features as\r\nwell.\r\n\r\n\r\n=======\r\nCredits\r\n=======\r\n\r\nThis vulnerability was reported to Samba developers by\r\nAlin Rad Pop, Secunia Research.\r\n\r\nThe time line is as follows:\r\n\r\n* Nov 22, 2007: Initial report to security@samba.org.\r\n* Nov 22, 2007: First response from Samba developers confirming\r\n the bug along with a proposed patch.\r\n* Dec 10, 2007: Public security advisory made available.\r\n\r\n\r\n==========================================================\r\n== Our Code, Our Bugs, Our Responsibility.\r\n== The Samba Team\r\n==========================================================\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 &#40;GNU/Linux&#41;\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\r\n\r\niD8DBQFHXUQvIR7qMdg1EfYRArG0AJ9hSIu3s0AMtbgeaGDMTbSOXtA6ywCfSypz\r\nT9GCNlOUVnZ2O25IOXQOzLk=\r\n=cISn\r\n-----END PGP SIGNATURE-----", "modified": "2007-12-12T00:00:00", "published": "2007-12-12T00:00:00", "id": "SECURITYVULNS:DOC:18621", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18621", "title": "[SECURITY] Buffer overrun in send_mailslot&#40;&#41;", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2016-02-03T11:36:09", "bulletinFamily": "exploit", "description": "Python 2.5 PyLocale_strxfrm Function Remote Information Leak Vulnerability. CVE-2007-2052 . Remote exploit for linux platform", "modified": "2007-05-08T00:00:00", "published": "2007-05-08T00:00:00", "id": "EDB-ID:30018", "href": "https://www.exploit-db.com/exploits/30018/", "type": "exploitdb", "title": "Python 2.5 PyLocale_strxfrm Function Remote Information Leak Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/23887/info\r\n\r\nPython applications that use the 'PyLocale_strxfrm' function are prone to an information leak.\r\n\r\nExploiting this issue allows remote attackers to read portions of memory.\r\n\r\nPython 2.4.4-2 and 2.5 are confirmed vulnerable. \r\n\r\n#!/usr/bin/python\r\n\r\nimport locale\r\n\r\nprint locale.setlocale(locale.LC_COLLATE, 'pl_PL.UTF8')\r\nprint repr(locale.strxfrm('a'))\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30018/"}, {"lastseen": "2016-02-03T12:40:56", "bulletinFamily": "exploit", "description": "Python 2.2 ImageOP Module Multiple Integer Overflow Vulnerabilities. CVE-2007-4965. Dos exploits for multiple platform", "modified": "2007-09-17T00:00:00", "published": "2007-09-17T00:00:00", "id": "EDB-ID:30592", "href": "https://www.exploit-db.com/exploits/30592/", "type": "exploitdb", "title": "Python 2.2 ImageOP Module Multiple Integer Overflow Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/25696/info\r\n\r\nPython's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations do not overflow.\r\n\r\nTo successfully exploit these issues, an attacker must be able to control the arguments to imageop functions. Remote attackers may be able to do this, depending on the nature of applications that use the vulnerable functions.\r\n\r\nAttackers would likely submit invalid or specially crafted images to applications that perform imageop operations on the data.\r\n\r\nA successful exploit may allow attacker-supplied machine code to run in the context of affected applications, facilitating the remote compromise of computers. \r\n\r\n#!/usr/bin/python\r\n\r\nimport imageop\r\n\r\nsexshit = \"a\"*1603\r\nevil = \"p\"*5241\r\nconnard = \"s\"*2000\r\nsupaire= \"45\"*65\r\nprint supaire\r\nconnard = \"cool\"\r\nsalope = \"suceuse\"\r\ndtc = imageop.tovideo(sexshit,1,4461,-2147002257)\r\nsexshit = \"dtc\"*52\r\nprint connard,supaire,\" fin de dump\" \r\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/30592/"}], "gentoo": [{"lastseen": "2016-09-06T19:46:40", "bulletinFamily": "unix", "description": "### Background\n\nPython is an interpreted, interactive, object-oriented programming language. \n\n### Description\n\nSlythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo() method, in various locations in files imageop.c, rbgimgmodule.c, and also in other files. \n\n### Impact\n\nA remote attacker could entice a user to process specially crafted images with an application using the Python imageop module, resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Note that this vulnerability may or may not be exploitable, depending on the application using the module. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Python 2.3.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-2.3.6-r3\"\n\nAll Python 2.4.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-2.4.4-r6\"", "modified": "2007-11-07T00:00:00", "published": "2007-11-07T00:00:00", "id": "GLSA-200711-07", "href": "https://security.gentoo.org/glsa/200711-07", "type": "gentoo", "title": "Python: User-assisted execution of arbitrary code", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:31", "bulletinFamily": "unix", "description": "### Background\n\nSamba is a suite of SMB and CIFS client/server programs for UNIX. \n\n### Description\n\nAlin Rad Pop (Secunia Research) discovered a boundary checking error in the send_mailslot() function which could lead to a stack-based buffer overflow. \n\n### Impact\n\nA remote attacker could send a specially crafted \"SAMLOGON\" domain logon packet, possibly leading to the execution of arbitrary code with elevated privileges. Note that this vulnerability is exploitable only when domain logon support is enabled in Samba, which is not the case in Gentoo's default configuration. \n\n### Workaround\n\nDisable domain logon in Samba by setting \"_domain logons = no_\" in the \"global\" section of your smb.conf and restart Samba. \n\n### Resolution\n\nAll Samba users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-fs/samba-3.0.28\"", "modified": "2007-12-10T00:00:00", "published": "2007-12-10T00:00:00", "id": "GLSA-200712-10", "href": "https://security.gentoo.org/glsa/200712-10", "type": "gentoo", "title": "Samba: Execution of arbitrary code", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-06T19:46:18", "bulletinFamily": "unix", "description": "### Background\n\nPython is an interpreted, interactive, object-oriented programming language. \n\n### Description\n\nPython 2.3 includes a copy of PCRE which is vulnerable to an integer overflow vulnerability, leading to a buffer overflow. \n\n### Impact\n\nAn attacker could exploit the vulnerability by tricking a vulnerable Python application to compile a regular expressions, which could possibly lead to the execution of arbitrary code, a Denial of Service or the disclosure of sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Python 2.3 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-2.3.6-r4\"", "modified": "2008-02-23T00:00:00", "published": "2008-02-23T00:00:00", "id": "GLSA-200802-10", "href": "https://security.gentoo.org/glsa/200802-10", "type": "gentoo", "title": "Python: PCRE Integer overflow", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:37", "bulletinFamily": "unix", "description": "\nSecuna Research reports:\n\nSecunia Research has discovered a vulnerability in Samba, which\n\t can be exploited by malicious people to compromise a vulnerable\n\t system. The vulnerability is caused due to a boundary error within\n\t the \"send_mailslot()\" function. This can be exploited to cause a\n\t stack-based buffer overflow with zero bytes via a specially crafted\n\t \"SAMLOGON\" domain logon packet containing a username string placed\n\t at an odd offset followed by an overly long GETDC string.\n\t Successful exploitation allows execution of arbitrary code, but\n\t requires that the \"domain logons\" option is enabled.\n\n", "modified": "2008-09-26T00:00:00", "published": "2007-12-10T00:00:00", "id": "FFCBD42D-A8C5-11DC-BEC2-02E0185F8D72", "href": "https://vuxml.freebsd.org/freebsd/ffcbd42d-a8c5-11dc-bec2-02e0185f8d72.html", "title": "samba -- buffer overflow vulnerability", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2018-12-25T20:18:35", "bulletinFamily": "info", "description": "### Overview \n\nThe Samba \"send_mailslot()\" function contains a stack-based buffer overflow vulnerability which could be exploited by a remote, unauthenticated attacker to execute arbitrary code. \n\n### Description \n\nSamba is a widely used open-source implementation of Server Message Block (SMB)/Common Internet File System (CIFS). A stack-based buffer overflow exists in the send_mailslot() function due to the function's improper processing of SAMLOGON packets. By sending a SAMLOGON domain logon packet containing a username string placed at an odd offset followed by an overly long GETDC string, an attacker could then overflow the stack to exploit the vulnerability. \n \n--- \n \n### Impact \n\nBy sending a specially crafted SAMLOGON domain logon packet, a remote, unauthenticated attacker can exploit the vulnerability to execute arbitrary code. \n \n--- \n \n### Solution \n\nThis vulnerability is addressed in [Samba version 3.0.28](<http://news.samba.org/releases/3.0.28/>). Patches are also available to address this vulnerability in [Samba version 3.0.27a](<http://us3.samba.org/samba/ftp/patches/security/samba-3.0.27a-CVE-2007-6015.patch>). Samba is included in various Linux and UNIX distributions. Please consult the relevant documentation of your distribution to obtain the appropriate updates. \n \n--- \n \nThe vulnerability requires that the \"domain logons\" be enabled. Therefore, an effective workaround to this vulnerability would be to disable the \"domain logons\" option. \n \n--- \n \n### Vendor Information\n\n438395\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Samba \n\nUpdated: February 14, 2008 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThis vulnerability is addressed in [Samba version 3.0.28](<http://news.samba.org/releases/3.0.28/>). Patches are also available to address this vulnerability in [Samba version 3.0.27a](<http://us3.samba.org/samba/ftp/patches/security/samba-3.0.27a-CVE-2007-6015.patch>). \n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23438395 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://secunia.com/advisories/27760/>\n * <http://docs.info.apple.com/article.html?artnum=307430>\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015>\n\n### Credit\n\nThis vulnerability was discovered by Alin Rad Pop of Secunia Research \n\nThis document was written by Joseph Pruszynski. \n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-6015](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6015>) \n---|--- \n**Severity Metric:****** | 13.61 \n**Date Public:** | 2007-12-10 \n**Date First Published:** | 2008-02-20 \n**Date Last Updated: ** | 2008-02-25 18:36 UTC \n**Document Revision: ** | 12 \n", "modified": "2008-02-25T18:36:00", "published": "2008-02-20T00:00:00", "id": "VU:438395", "href": "https://www.kb.cert.org/vuls/id/438395", "type": "cert", "title": "Samba \"send_mailslot()\" function buffer overflow", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:53:20", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 26791\r\nCVE(CAN) ID: CVE-2007-6015\r\n\r\nSamba\u662f\u4e00\u5957\u5b9e\u73b0SMB\uff08Server Messages Block\uff09\u534f\u8bae\u3001\u8de8\u5e73\u53f0\u8fdb\u884c\u6587\u4ef6\u5171\u4eab\u548c\u6253\u5370\u5171\u4eab\u670d\u52a1\u7684\u7a0b\u5e8f\u3002\r\n\r\nSamba\u7684send_mailslot()\u51fd\u6570\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63a7\u5236\u670d\u52a1\u5668\u3002\r\n\r\n\u5982\u679c\u8fdc\u7a0b\u653b\u51fb\u8005\u6240\u53d1\u9001\u7684\u7279\u5236SAMLOGON\u57df\u767b\u5f55\u62a5\u6587\u4e2d\u5728\u5947\u6570\u504f\u79fb\u5305\u542b\u6709\u7528\u6237\u540d\u5b57\u7b26\u4e32\uff0c\u7136\u540e\u8ddf\u968f\u6709\u8d85\u957fGETDC\u5b57\u7b26\u4e32\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u7528\u51680\u7684\u5b57\u8282\u8986\u76d6\u6808\u7f13\u51b2\u533a\u3002\u6210\u529f\u653b\u51fb\u5141\u8bb8\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u4f46\u8981\u6c42\u6253\u5f00\u4e86domain logons\u9009\u9879\u3002\r\n\n\nSamba 3.0.0 - 3.0.27a\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n\u5982\u679c\u60a8\u4e0d\u80fd\u7acb\u523b\u5b89\u88c5\u8865\u4e01\u6216\u8005\u5347\u7ea7\uff0cNSFOCUS\u5efa\u8bae\u60a8\u91c7\u53d6\u4ee5\u4e0b\u63aa\u65bd\u4ee5\u964d\u4f4e\u5a01\u80c1\uff1a\r\n\r\n* \u5728\u670d\u52a1\u5668\u7684smb.conf\u6587\u4ef6\u4e2d\u7981\u7528domain logons\u9009\u9879\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nDebian\r\n------\r\nDebian\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08DSA-1427-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nDSA-1427-1\uff1aNew samba packages fix arbitrary code execution\r\n\u94fe\u63a5\uff1a<a href=http://www.debian.org/security/2007/dsa-1427 target=_blank>http://www.debian.org/security/2007/dsa-1427</a>\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n\r\nSource archives:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a.orig.tar.gz</a>\r\nSize/MD5 checksum: 15605851 ebee37e66a8b5f6fd328967dc09088e8\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11.diff.gz target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11.diff.gz</a>\r\nSize/MD5 checksum: 242955 7b25827e3af56bd7cf8d7b87c467759f\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11.dsc target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11.dsc</a>\r\nSize/MD5 checksum: 1083 cbdc88bb8daa650b5862251e6bba3e02\r\n\r\nArchitecture independent packages:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.14a-3sarge11_all.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.14a-3sarge11_all.deb</a>\r\nSize/MD5 checksum: 12117306 2f1fe646bb3eba5423b34574e1b5372e\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_alpha.deb</a>\r\nSize/MD5 checksum: 459832 18eadcaea156add4cd25359218f5803c\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_alpha.deb</a>\r\nSize/MD5 checksum: 2409792 edd434da13056e14d342e983158d8885\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_alpha.deb</a>\r\nSize/MD5 checksum: 3129712 509390905878e9b03720719f16a965ad\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_alpha.deb</a>\r\nSize/MD5 checksum: 4224276 188e6388e87ce974fd760dbf263ca6bf\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_alpha.deb</a>\r\nSize/MD5 checksum: 3252894 d3af72e2d16b2b3f90824aa34b87bcaf\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_alpha.deb</a>\r\nSize/MD5 checksum: 402528 28acaea72ee86418108ea04539d3fad3\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_alpha.deb</a>\r\nSize/MD5 checksum: 660256 1c791022dd982058cf5647f592f6d784\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_alpha.deb</a>\r\nSize/MD5 checksum: 1015896 460575f94a54c2bddb91e13ddba1a477\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_alpha.deb</a>\r\nSize/MD5 checksum: 1825102 4d787e78dd6a04cc3b01bd8868672738\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_alpha.deb</a>\r\nSize/MD5 checksum: 20270978 9c70ddf49ff13063cdb8cf15adb212af\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_alpha.deb</a>\r\nSize/MD5 checksum: 5239044 981e4fbb6472422e8e704d3ea1da201e\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_amd64.deb</a>\r\nSize/MD5 checksum: 1652116 307c1132abb8053442b37f068fb75733\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_amd64.deb</a>\r\nSize/MD5 checksum: 381782 3b837625c44f18de4a95af2fd0d96246\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_amd64.deb</a>\r\nSize/MD5 checksum: 796314 dc5a1b222462d4bfc956ec05a67562ed\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_amd64.deb</a>\r\nSize/MD5 checksum: 5204348 6e32a3e453492fd2d98964d39846d176\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_amd64.deb</a>\r\nSize/MD5 checksum: 2195286 cc1e4028fbcc0129280292c4c89b5821\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_amd64.deb</a>\r\nSize/MD5 checksum: 6493030 6100e070066c6ec1f604f3db8012928f\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_amd64.deb</a>\r\nSize/MD5 checksum: 2811020 0f0043aa383f3c7956a3cc41fffd811d\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_amd64.deb</a>\r\nSize/MD5 checksum: 2868596 0a610eccb1aa1800cfbd3410ee200213\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_amd64.deb</a>\r\nSize/MD5 checksum: 600276 fe4d08d853d192ae48b57410b878ae28\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_amd64.deb</a>\r\nSize/MD5 checksum: 411254 480de07ba82f56768433b76389a4bf69\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_amd64.deb</a>\r\nSize/MD5 checksum: 4123616 294c663073276fee442d7c7cace2d998\r\n\r\narm architecture (ARM)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_arm.deb</a>\r\nSize/MD5 checksum: 2600104 da66772466a548352974dbcc5c4b461d\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_arm.deb</a>\r\nSize/MD5 checksum: 2561480 df839fa9c60e0acef5c6f571995ca1e7\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_arm.deb</a>\r\nSize/MD5 checksum: 4652724 9ceb41ec65f2414ae7801569260a9c2e\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_arm.deb</a>\r\nSize/MD5 checksum: 1485228 285f53e8102e83fefde540383fdfdde7\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_arm.deb</a>\r\nSize/MD5 checksum: 4079434 f314e841d489bc930ca7c01e82038496\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_arm.deb</a>\r\nSize/MD5 checksum: 2010692 f300c19c4c41ea40c8e4fbff021940dd\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_arm.deb</a>\r\nSize/MD5 checksum: 6666394 2db832dfbe04a723634e81fe85f0e7e8\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_arm.deb</a>\r\nSize/MD5 checksum: 823866 d142facbf936f059ae388392d8e26ea6\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_arm.deb</a>\r\nSize/MD5 checksum: 342504 dd84b5495d4309b76db94abe508c9c94\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_arm.deb</a>\r\nSize/MD5 checksum: 376734 82ccbfe4f9a7f032b6881187e2f9f428\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_arm.deb</a>\r\nSize/MD5 checksum: 545778 ef9b49d6dcd55504e8df82bf3cf4b707\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_hppa.deb</a>\r\nSize/MD5 checksum: 4135500 51ce59c64831ffc05eff36a1824a3a3a\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_hppa.deb</a>\r\nSize/MD5 checksum: 5553156 5527b9a89782fa666c7b376e915c7029\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_hppa.deb</a>\r\nSize/MD5 checksum: 644300 cb19391332eeea2abc56f359717d7358\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_hppa.deb</a>\r\nSize/MD5 checksum: 2867596 838c014ed5f335a004634ca66238ecb1\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_hppa.deb</a>\r\nSize/MD5 checksum: 6470478 e7e64622179c586e43bf78b51cd2f106\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_hppa.deb</a>\r\nSize/MD5 checksum: 404506 5efee9bd5c97717b28fe250c40c6db71\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_hppa.deb</a>\r\nSize/MD5 checksum: 2918616 461d12288cbff9d3ff6f26c85436b022\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_hppa.deb</a>\r\nSize/MD5 checksum: 1692058 6f3b56f915090a064012ea41309464af\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_hppa.deb</a>\r\nSize/MD5 checksum: 895476 575ede94333e43bc3d8b02df9d1ad97c\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_hppa.deb</a>\r\nSize/MD5 checksum: 2217084 94b89d7c677ef70932ffa7fdedb6784a\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_hppa.deb</a>\r\nSize/MD5 checksum: 417738 03e45e57be520f6d84ce34cec0c881e1\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_i386.deb</a>\r\nSize/MD5 checksum: 2567690 2d37f413f21ce57524162266e4f1bda8\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_i386.deb</a>\r\nSize/MD5 checksum: 737810 8b2d19ea96db265fdfbdadff5ff0f43d\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_i386.deb</a>\r\nSize/MD5 checksum: 2007724 e138aed22f3e1935cf26ed3fa8ff363d\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_i386.deb</a>\r\nSize/MD5 checksum: 1484410 20a9e228852305f27072973f996ca45d\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_i386.deb</a>\r\nSize/MD5 checksum: 4059518 7e56977ed50efb4350a834026bb28ab1\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_i386.deb</a>\r\nSize/MD5 checksum: 549652 373a1832dcf4ec902a5b9ed52b507bf9\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_i386.deb</a>\r\nSize/MD5 checksum: 347868 bd1c551f9ce616bc98e1d1d095c375e3\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_i386.deb</a>\r\nSize/MD5 checksum: 2555648 9fe1c732f7453391239730e41d0a633b\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_i386.deb</a>\r\nSize/MD5 checksum: 371296 e3a7b2af7ca91219861ab587d30c5ed2\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_i386.deb</a>\r\nSize/MD5 checksum: 4745926 0b71a1cdad8975cf0a73b8075b305816\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_i386.deb</a>\r\nSize/MD5 checksum: 6678980 26babded9415dc1bc88f801b0a57a77f\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_ia64.deb</a>\r\nSize/MD5 checksum: 755196 2b826d80c89de9715b55af8c5e69629a\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_ia64.deb</a>\r\nSize/MD5 checksum: 4363060 7bfc53665f2b537d32b1feae4863df18\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_ia64.deb</a>\r\nSize/MD5 checksum: 6628996 bde63f1c629e5370f97f0ec1053920fa\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_ia64.deb</a>\r\nSize/MD5 checksum: 473680 b9cb38dbee921ba103a06e9bc9d0682d\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_ia64.deb</a>\r\nSize/MD5 checksum: 3819472 3045621f350b9c31b761be96ea096a84\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_ia64.deb</a>\r\nSize/MD5 checksum: 2855986 7812e25645b2828a20e060ae7726901b\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_ia64.deb</a>\r\nSize/MD5 checksum: 2213316 73d34936e9a8c047ce8416fbc0872178\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_ia64.deb</a>\r\nSize/MD5 checksum: 548704 707113d347157c11dd6bdd920964504d\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_ia64.deb</a>\r\nSize/MD5 checksum: 1035994 71a65fe7e3b89757f4b609387194b1a1\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_ia64.deb</a>\r\nSize/MD5 checksum: 675158 209e3caf31987a6db66a797ea1700a46\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_ia64.deb</a>\r\nSize/MD5 checksum: 3926704 7f0602c9af51f56901eff5b5f36ae002\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_mips.deb</a>\r\nSize/MD5 checksum: 4105490 5dba14adff30047852d233eeaae397fc\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_mips.deb</a>\r\nSize/MD5 checksum: 2780548 548b2ece1a1c2281c14265fb1330293f\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_mips.deb</a>\r\nSize/MD5 checksum: 2158404 9af523509539bbac2981a9eb2f924a59\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_mips.deb</a>\r\nSize/MD5 checksum: 4670402 da6a880410f446a6c4583d8e47594713\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_mips.deb</a>\r\nSize/MD5 checksum: 6762840 9955464d5c7742e1ffc2c0f42336d728\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_mips.deb</a>\r\nSize/MD5 checksum: 1607022 616831ff3af35f3ae92fca547e94f2e4\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_mips.deb</a>\r\nSize/MD5 checksum: 556732 a77a1c759b7ac778122f4377744600b6\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_mips.deb</a>\r\nSize/MD5 checksum: 822220 49926fdb9e5d6c4ffb4bca6ec0b068c1\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_mips.deb</a>\r\nSize/MD5 checksum: 2825192 39ac997edc00060353801846e697f98f\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_mips.deb</a>\r\nSize/MD5 checksum: 357140 711cf983ef422f47cd4dd495cd040f4e\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_mips.deb</a>\r\nSize/MD5 checksum: 412916 4a0d4ea9f9dac4507fdbd87e5b5ce373\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_mipsel.deb</a>\r\nSize/MD5 checksum: 356160 720fa5f681bef2423393d2ed11621eba\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_mipsel.deb</a>\r\nSize/MD5 checksum: 411728 5ab171d7ab61984dc18fd29df254b7d1\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_mipsel.deb</a>\r\nSize/MD5 checksum: 2820930 2f2919d1b0ca01eefe76637fb0a73d4f\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_mipsel.deb</a>\r\nSize/MD5 checksum: 1603696 964ab4ae175f7d007054368a4ffbaa32\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_mipsel.deb</a>\r\nSize/MD5 checksum: 4656652 a9386710d51c6fb3a40593d01cb24372\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_mipsel.deb</a>\r\nSize/MD5 checksum: 2154860 764da0f8aedeb2f743a97721db14906e\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_mipsel.deb</a>\r\nSize/MD5 checksum: 4103654 2737fb30022d474bcb576be94c2c7a73\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_mipsel.deb</a>\r\nSize/MD5 checksum: 813892 ed4c4797e21c9fc8874c56ba7e5e6344\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_mipsel.deb</a>\r\nSize/MD5 checksum: 6578340 9277b6780dc032ff05668367a53ba8e8\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_mipsel.deb</a>\r\nSize/MD5 checksum: 554476 6220dcd79a6368df55b09793a31f8d7b\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_mipsel.deb</a>\r\nSize/MD5 checksum: 2781494 5fae06e38fddca97bcbcec5131c25778\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_powerpc.deb</a>\r\nSize/MD5 checksum: 2157202 f98bf8c6ee40c28f4fc0ef9d646c4c32\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_powerpc.deb</a>\r\nSize/MD5 checksum: 4113504 b6a1c090c690461d2322ec9dec15a9c8\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_powerpc.deb</a>\r\nSize/MD5 checksum: 407414 69183ba04b2e99f6a4166f01fc15f068\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_powerpc.deb</a>\r\nSize/MD5 checksum: 1614926 2d6613841622eeb033e973dddbadf121\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_powerpc.deb</a>\r\nSize/MD5 checksum: 368916 bb4b861a0a8f4b91998943f1593886ab\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_powerpc.deb</a>\r\nSize/MD5 checksum: 2828338 35c001d0a88c558133c44a3b383f393c\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_powerpc.deb</a>\r\nSize/MD5 checksum: 2776094 984874f26338fc3fc4cede57c0082d1b\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_powerpc.deb</a>\r\nSize/MD5 checksum: 592180 428e8ae37e6c23a317f29e2ec6c2c23c\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_powerpc.deb</a>\r\nSize/MD5 checksum: 6866558 9044191a6674af3b27b2faf6e3f543fb\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_powerpc.deb</a>\r\nSize/MD5 checksum: 5015022 342ab2c996ffb6df2d22b97292dcfe04\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_powerpc.deb</a>\r\nSize/MD5 checksum: 737768 3e4e9c184995fd7cec8a2f04fb188ac7\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_s390.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_s390.deb</a>\r\nSize/MD5 checksum: 2777650 5ff72beaba7ea4056989e2bf29b3a73b\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_s390.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_s390.deb</a>\r\nSize/MD5 checksum: 2125110 28d5443993503bddf5355f0bf0d54cb3\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_s390.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_s390.deb</a>\r\nSize/MD5 checksum: 386500 825ed15d9cd818b8351649eab44eb6fd\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_s390.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_s390.deb</a>\r\nSize/MD5 checksum: 2727156 1d154f0e68deb97b6787f409cb0e5130\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_s390.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_s390.deb</a>\r\nSize/MD5 checksum: 4093734 e67dee2aaea64934dc512169539a62ff\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_s390.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_s390.deb</a>\r\nSize/MD5 checksum: 604822 9414f2fb7d3a6e259cbcd160bc846155\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_s390.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_s390.deb</a>\r\nSize/MD5 checksum: 6842308 d55efc02303816e8e34826a419b76c14\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_s390.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_s390.deb</a>\r\nSize/MD5 checksum: 797640 fd87addb4b9dbe0647d3c0d11b3cf5c3\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_s390.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_s390.deb</a>\r\nSize/MD5 checksum: 1615246 475278cbea007f6d68503bba29d9a03e\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_s390.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_s390.deb</a>\r\nSize/MD5 checksum: 5289518 cafa7db4d220e4d655d39fe707db52c1\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_s390.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_s390.deb</a>\r\nSize/MD5 checksum: 405324 1149fc501bd4c2eededebd426b30637a\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_sparc.deb</a>\r\nSize/MD5 checksum: 2524052 0f3f0ef43406653c68279e6fd94a77fe\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_sparc.deb</a>\r\nSize/MD5 checksum: 796608 d07423f193f8b684bc15894341233221\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_sparc.deb</a>\r\nSize/MD5 checksum: 561940 00c1ab5f14d2933eee452212f7ff0ef0\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_sparc.deb</a>\r\nSize/MD5 checksum: 4865106 6dac400a3966a8f3fe828e689223cac3\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_sparc.deb</a>\r\nSize/MD5 checksum: 2544020 cc6075496e0e9a91091fe8fb438bb8bc\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_sparc.deb</a>\r\nSize/MD5 checksum: 4050558 6b4f64f98e49736e4cd86280137f9026\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_sparc.deb</a>\r\nSize/MD5 checksum: 1478542 66bbfda38308cab08bb85363eea9189a\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_sparc.deb</a>\r\nSize/MD5 checksum: 6349274 c46d508b3c3d51b6ff1ac3864408e7d7\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_sparc.deb</a>\r\nSize/MD5 checksum: 356542 70840fcb26730189200cbae1d7684a00\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_sparc.deb</a>\r\nSize/MD5 checksum: 1980596 0372d7f50b7ddf424a33d01ff448dbf2\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_sparc.deb</a>\r\nSize/MD5 checksum: 372560 84d6691d78967b11b159d0d056c15d5b\r\n\r\nDebian 4.0 (stable)\r\n- -------------------\r\n\r\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9.dsc target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9.dsc</a>\r\nSize/MD5 checksum: 1425 0093085662e0431fad209440929f145b\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9.diff.gz target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9.diff.gz</a>\r\nSize/MD5 checksum: 218800 b21ae72e4de1d9a02ed6affa82cea383\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24.orig.tar.gz</a>\r\nSize/MD5 checksum: 17708128 89273f67a6d8067cbbecefaa13747153\r\n\r\nArchitecture independent packages:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.24-6etch9_all.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.24-6etch9_all.deb</a>\r\nSize/MD5 checksum: 6913620 7281e96f478d4dee7aacd195724b32af\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.0.24-6etch9_all.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.0.24-6etch9_all.deb</a>\r\nSize/MD5 checksum: 6599286 d947809c161a47780e01b6f41bbc08bd\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_alpha.deb</a>\r\nSize/MD5 checksum: 6706710 44daf2f82f0105f6e085fd0d185e6a29\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_alpha.deb</a>\r\nSize/MD5 checksum: 483238 06dc43202c39399be44f57e469f29fdc\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_alpha.deb</a>\r\nSize/MD5 checksum: 521602 19cee70d0bb4dd7cac4f6505c27a3dbd\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_alpha.deb</a>\r\nSize/MD5 checksum: 114312 6817844a1e715a5a6704805b83d2604d\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_alpha.deb</a>\r\nSize/MD5 checksum: 4846030 f9c65c650d91f743861801adfdde8172\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_alpha.deb</a>\r\nSize/MD5 checksum: 879810 4c1625c898a4190edaed59e805835dcb\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_alpha.deb</a>\r\nSize/MD5 checksum: 956526 a5e5b90bd97a541bf0a79cfe6cf0c205\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_alpha.deb</a>\r\nSize/MD5 checksum: 2286680 86d6bc601ee9b049a0898f81dd08319a\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_alpha.deb</a>\r\nSize/MD5 checksum: 12299634 3d5613fbdc98b1076960c97a57a2a042\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_alpha.deb</a>\r\nSize/MD5 checksum: 4002390 96251678517c656509c90c8ce5507259\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_alpha.deb</a>\r\nSize/MD5 checksum: 2842028 77317d04a988c264d1b8b362841e03d2\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_amd64.deb</a>\r\nSize/MD5 checksum: 3602676 2bcdb691aeb76d348bf3e4bfc4c11630\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_amd64.deb</a>\r\nSize/MD5 checksum: 462290 5f5649da68bbb866e60f3aa7695752c0\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_amd64.deb</a>\r\nSize/MD5 checksum: 2075220 c478fcb949aee48111adedb4f5f12ddf\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_amd64.deb</a>\r\nSize/MD5 checksum: 6255272 220b568b8142ea20dee4fb79c212407d\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_amd64.deb</a>\r\nSize/MD5 checksum: 457204 e21c3185439ed831ba34d630b5fe42eb\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_amd64.deb</a>\r\nSize/MD5 checksum: 831842 c206908eea659d41d52f4e4ef253fe8a\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_amd64.deb</a>\r\nSize/MD5 checksum: 866968 0cf3ce1eb5b9903fcfc1037c49b12b12\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_amd64.deb</a>\r\nSize/MD5 checksum: 112616 af04b23aacfb651f71805e41f63761c1\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_amd64.deb</a>\r\nSize/MD5 checksum: 12192064 ceff1393ff50f07f88bd20bfa4817a81\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_amd64.deb</a>\r\nSize/MD5 checksum: 2597212 74be4465277d7a118c027b80f74ff2cd\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_amd64.deb</a>\r\nSize/MD5 checksum: 4313998 dcadc145a61ce7d4e238a5f3d670d156\r\n\r\narm architecture (ARM)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_arm.deb</a>\r\nSize/MD5 checksum: 1871246 cda0afc2f6b8953fa1c97936c0c0bb31\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_arm.deb</a>\r\nSize/MD5 checksum: 3283072 84a8361adad65e50bf314eba994f70f7\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_arm.deb</a>\r\nSize/MD5 checksum: 2379442 5cac052e1086eb894d16126d595f93d6\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_arm.deb</a>\r\nSize/MD5 checksum: 5591506 376e0b60d06171956b9c84ca4918119c\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_arm.deb</a>\r\nSize/MD5 checksum: 3911122 a521f28fe81c96d32b8d6ddef0240dbd\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_arm.deb</a>\r\nSize/MD5 checksum: 418620 ab96e5c7e7f1effe64bd7cb144f44d15\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_arm.deb</a>\r\nSize/MD5 checksum: 114038 44042c028e3ae73dc8bce8b2d8002e52\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_arm.deb</a>\r\nSize/MD5 checksum: 758848 fe4ffef304c92a991e691d52f7b6102a\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_arm.deb</a>\r\nSize/MD5 checksum: 796008 1d4fbeca5746bed764b9b85449fb93dd\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_arm.deb</a>\r\nSize/MD5 checksum: 419152 5bcf358baff0cb6eb64e4f6e71f48049\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_arm.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_arm.deb</a>\r\nSize/MD5 checksum: 11573858 1101b0b502b1ce6606a2dff7024c63c9\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_hppa.deb</a>\r\nSize/MD5 checksum: 484810 419523b1c6d72eddb9cb9d15e0d3ad64\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_hppa.deb</a>\r\nSize/MD5 checksum: 2648574 d2846df02bdb2e4de54b104e4498c8ef\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_hppa.deb</a>\r\nSize/MD5 checksum: 3698642 a9e448373ea322037ce042386fc2a73f\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_hppa.deb</a>\r\nSize/MD5 checksum: 471132 08608870878f249f9b0b5c0e10aac86a\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_hppa.deb</a>\r\nSize/MD5 checksum: 6561834 4fbf46e756450fc32d2d97c50cf073c7\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_hppa.deb</a>\r\nSize/MD5 checksum: 11911298 ea68d175db3cf18f796e17f938a55d13\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_hppa.deb</a>\r\nSize/MD5 checksum: 4429736 72e53acfeecbd162b29f335dfb5a3171\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_hppa.deb</a>\r\nSize/MD5 checksum: 886602 4094df54f152b8146e998d65617d0eb9\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_hppa.deb</a>\r\nSize/MD5 checksum: 877898 558c28570a2d8d25cdad86d925799fc4\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_hppa.deb</a>\r\nSize/MD5 checksum: 112604 db9e4fb29cf80f9d8aff5e643f652e38\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_hppa.deb</a>\r\nSize/MD5 checksum: 2135944 b5c2e030e03d67accf3802e92f8a8618\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_i386.deb</a>\r\nSize/MD5 checksum: 112360 493a87dbec63d053c6f7a6e28f54f249\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_i386.deb</a>\r\nSize/MD5 checksum: 758222 9e2af954a8e3869685044d38e72b466a\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_i386.deb</a>\r\nSize/MD5 checksum: 3880926 bdf66112b011b11ea3852dc028121173\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_i386.deb</a>\r\nSize/MD5 checksum: 5661708 7c7291dbbb6bda716eac916e14e658ab\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_i386.deb</a>\r\nSize/MD5 checksum: 11885918 ff200548f9257f601c6959f64d429df8\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_i386.deb</a>\r\nSize/MD5 checksum: 413164 2d59203c2d3d1c5261dcbb27d3a90b84\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_i386.deb</a>\r\nSize/MD5 checksum: 419128 b85d9e3960e6b109261ac09c1cde5c51\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_i386.deb</a>\r\nSize/MD5 checksum: 1866212 b60aa2de6f2ed451fb512b73a95bb953\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_i386.deb</a>\r\nSize/MD5 checksum: 2381388 7591982d4cd3c6ef8b10b38de498521b\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_i386.deb</a>\r\nSize/MD5 checksum: 793744 fc4f8b45274b027772ec4718d07c7821\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_i386.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_i386.deb</a>\r\nSize/MD5 checksum: 3261932 69d75d61ae2961f3b7cccf0f9342a5b8\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_ia64.deb</a>\r\nSize/MD5 checksum: 3478010 8303a5be7250e89a004aabed11cb9f01\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_ia64.deb</a>\r\nSize/MD5 checksum: 5043732 c4918b33d18543d85a65924bcbadb7cf\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_ia64.deb</a>\r\nSize/MD5 checksum: 592338 234ef7c28ac27513bae92b4b3ef22ebc\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_ia64.deb</a>\r\nSize/MD5 checksum: 8091412 eed61c0562f6cd4ea5f8812626f6404b\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_ia64.deb</a>\r\nSize/MD5 checksum: 112608 d7b25108389feb09da85748a6f90e565\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_ia64.deb</a>\r\nSize/MD5 checksum: 11172514 54c65fca36e272ddc4a5c8d337dbc63d\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_ia64.deb</a>\r\nSize/MD5 checksum: 1068986 006b5589b0884d8d90ef805c930a6fbb\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_ia64.deb</a>\r\nSize/MD5 checksum: 1181972 8d4a5c7b35123cf1e550bbeeac9de313\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_ia64.deb</a>\r\nSize/MD5 checksum: 6081504 0ba865a0de9d05ffa16d6cd62334b992\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_ia64.deb</a>\r\nSize/MD5 checksum: 2884512 623876b890e24c5bbe91dc24b030ecf9\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_ia64.deb</a>\r\nSize/MD5 checksum: 627824 f68a8f7bb6c6f6853f61be6d82480ef1\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_mips.deb</a>\r\nSize/MD5 checksum: 2001522 4d4103ab3551534c1969100f03eb7833\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_mips.deb</a>\r\nSize/MD5 checksum: 3543852 4a49e368a5ac9de6fce1913f16f8a49f\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_mips.deb</a>\r\nSize/MD5 checksum: 4176322 6e4b2db0c87ac321bd86cfcc502f1dd3\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_mips.deb</a>\r\nSize/MD5 checksum: 12720546 6f2fd644f61664b69259094db9e5c3aa\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_mips.deb</a>\r\nSize/MD5 checksum: 433292 cac932c4631af8d781b5b89c9e7cdecc\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_mips.deb</a>\r\nSize/MD5 checksum: 2528470 dba89d1b33a65e108b1293f90014ce52\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_mips.deb</a>\r\nSize/MD5 checksum: 5491706 bec8842a1eff351d30031fba25493160\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_mips.deb</a>\r\nSize/MD5 checksum: 454788 006ec3fcdbaee57f6676ef36ff34983b\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_mips.deb</a>\r\nSize/MD5 checksum: 833196 14da93ba752a6e98fd9f132f96a8e948\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_mips.deb</a>\r\nSize/MD5 checksum: 112608 997298089ae08aac522bee51e5080621\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_mips.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_mips.deb</a>\r\nSize/MD5 checksum: 754220 99e1f04bce65015e63bcf1f3686d64dd\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_mipsel.deb</a>\r\nSize/MD5 checksum: 834378 82fbe9e138939a745b0f31cb254b8909\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_mipsel.deb</a>\r\nSize/MD5 checksum: 454740 df30c366ccd918338bb8eb6863961750\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_mipsel.deb</a>\r\nSize/MD5 checksum: 2002960 1d54f63bd03c209e0d85ae8c07ca235c\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_mipsel.deb</a>\r\nSize/MD5 checksum: 2528432 399b82874e2f93c56f62f48883b10237\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_mipsel.deb</a>\r\nSize/MD5 checksum: 3549616 88302a4a4d45a75b5fda5a93c5c46443\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_mipsel.deb</a>\r\nSize/MD5 checksum: 12367364 ec1a325abcb409ee792afe4adb8b7b6e\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_mipsel.deb</a>\r\nSize/MD5 checksum: 5484928 45c2475dae16693949c64390a2373255\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_mipsel.deb</a>\r\nSize/MD5 checksum: 112608 c65cc47d1de7b109ede96853e4d7e086\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_mipsel.deb</a>\r\nSize/MD5 checksum: 4173938 02c64eb7416761926e6ff6806852030c\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_mipsel.deb</a>\r\nSize/MD5 checksum: 754854 7ac4ef7a607ba6e2e93ec1b727f4bfdd\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_mipsel.deb</a>\r\nSize/MD5 checksum: 432772 2c5b99d39241029a2e0e0c8b9e1841ac\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_powerpc.deb</a>\r\nSize/MD5 checksum: 2548436 432c498edebe432d9c14eb15b351892b\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_powerpc.deb</a>\r\nSize/MD5 checksum: 457200 1f8116b87cc1b1a6014adc9998000bf7\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_powerpc.deb</a>\r\nSize/MD5 checksum: 112604 2af6cd7c0541599137435a656a730345\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_powerpc.deb</a>\r\nSize/MD5 checksum: 851018 8fa3280da1f1003f1cf8102155cade99\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_powerpc.deb</a>\r\nSize/MD5 checksum: 450346 c24d82f49e29cd4ad8730ea36935f61c\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_powerpc.deb</a>\r\nSize/MD5 checksum: 4230328 01fa7ad33be55253d803123ab931ec4e\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_powerpc.deb</a>\r\nSize/MD5 checksum: 3553148 cd4466808f0b2cc2421d298a1cea0794\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_powerpc.deb</a>\r\nSize/MD5 checksum: 816360 522ef06615f4d40b23e3372d7c40bc43\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_powerpc.deb</a>\r\nSize/MD5 checksum: 12442488 6ae700dcbaed48de08027460cd0a911f\r\n<a href=http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_powerpc.deb</a>\r\nSize/MD5 checksum: 2029172 57566ca6b15baefd73712e8d620bdc13", "modified": "2007-12-12T00:00:00", "published": "2007-12-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-2579", "id": "SSV:2579", "type": "seebug", "title": "Samba Send_MailSlot\u51fd\u6570\u8fdc\u7a0b\u6808\u6ea2\u51fa\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-19T21:43:02", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 23887\r\nCVE(CAN) ID: CVE-2007-2052\r\n\r\nPython\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u811a\u672c\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nPython\u7684Modules/_localemodule.c\u6587\u4ef6\u4e2d\u7684PyLocale_strxfrm\u51fd\u6570\u4e2d\u5b58\u5728\u5355\u5b57\u8282\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u8bfb\u53d6\u90e8\u5206\u5185\u5b58\u5185\u5bb9\u3002 \r\n\r\nModules/_localemodule.c:361\r\n356 n1 = strlen(s) + 1;\r\n357 buf = PyMem_Malloc(n1);\r\n358 if (!buf)\r\n359 return PyErr_NoMemory();\r\n360 n2 = strxfrm(buf, s, n1);\r\n\r\n\u5982\u679c\u6240\u8f6c\u6362\u7684\u5b57\u7b26\u4e32\u957f\u4e8e\u539f\u59cb\u5b57\u7b26\u4e32\u7684\u8bdd\uff1a\r\n\r\n361 if (n2 &gt; n1) {\r\n362 /* more space needed */\r\n\r\n\u5728\u8fd9\u91cc\u4f1a\u5206\u914dn2\u5b57\u8282\uff1a\r\n\r\n363 buf = PyMem_Realloc(buf, n2);\r\n364 if (!buf)\r\n365 return PyErr_NoMemory();\r\n\r\n\u5b57\u7b26\u4e32\u4f1a\u4e3an2\u5b57\u7b26\u957f\uff0c\u7ec8\u6b62\u7684\u7a7a\u5b57\u7b26\u4e0d\u9002\u5408\u8fd9\u4e2a\u957f\u5ea6\uff0c\u56e0\u6b64\u5b57\u7b26\u4e32\u4e0d\u4f1a\u7ec8\u6b62\uff0c\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\u53ef\u80fd\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\u3002 \r\n\r\n366 strxfrm(buf, s, n2);\r\n367 }\r\n368 result = PyString_FromString(buf);\r\n369 PyMem_Free(buf);\r\n370 return result;\r\n371 }\r\n372\r\n373 #if defined(MS_WINDOWS)\r\n374 static PyObject*\r\n375 PyLocale_getdefaultlocale(PyObject* self)\r\n\n\nPython Software Foundation Python 2.5\r\nPython Software Foundation Python 2.4\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nDebian\r\n------\r\nDebian\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08DSA-1551-1\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nDSA-1551-1\uff1aNew python2.4 packages fix several vulnerabilities\r\n\u94fe\u63a5\uff1a<a href=http://www.debian.org/security/2008/dsa-1551 target=_blank>http://www.debian.org/security/2008/dsa-1551</a>\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n\r\nSource archives:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1.diff.gz target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1.diff.gz</a>\r\nSize/MD5 checksum: 195434 8b86b3dc4c5a86a9ad8682fee56f30ca\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz</a>\r\nSize/MD5 checksum: 9508940 f74ef9de91918f8927e75e8c3024263a\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1.dsc target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1.dsc</a>\r\nSize/MD5 checksum: 1201 585773fd24634e05bb56b8cc85215c65\r\n\r\nArchitecture independent packages:\r\n\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch1_all.deb</a>\r\nSize/MD5 checksum: 589642 63092c4cd1ea78c0993345be25a162b8\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch1_all.deb</a>\r\nSize/MD5 checksum: 60864 21664a3f029087144046b6c175e88736\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_alpha.deb</a>\r\nSize/MD5 checksum: 2968890 60a29f058a96e21d278a738fbb8067bf\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_alpha.deb</a>\r\nSize/MD5 checksum: 1848176 ddb7c47970f277baa00e6c080e4530bd\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_alpha.deb</a>\r\nSize/MD5 checksum: 5226532 5aa6daa859acdfdfcb7445586f4a0eb6\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_alpha.deb</a>\r\nSize/MD5 checksum: 963606 38c08ee31ae6189631e503ad3d76fa87\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_amd64.deb</a>\r\nSize/MD5 checksum: 2967058 6f06a90e94a6068b126413111185aff5\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_amd64.deb</a>\r\nSize/MD5 checksum: 1635936 d5f98666609c652224b5552f5bb6b7a9\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_amd64.deb</a>\r\nSize/MD5 checksum: 966196 7436b29b52acd99872d79b595f489ace\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_amd64.deb</a>\r\nSize/MD5 checksum: 5587046 82444f4d11055f259d0899a0f8574b37\r\n\r\narm architecture (ARM)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_arm.deb</a>\r\nSize/MD5 checksum: 2881272 408ac2b8cd6180975109364b26ae1c95\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_arm.deb</a>\r\nSize/MD5 checksum: 901442 88d59caa6744da5c62a802124087d09c\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_arm.deb</a>\r\nSize/MD5 checksum: 1500512 3113ad3590f5969703ce426a23ca67dd\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_arm.deb</a>\r\nSize/MD5 checksum: 5351974 4f77de8e3dd9c12aa1e06a57cee82dac\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_hppa.deb</a>\r\nSize/MD5 checksum: 3073066 1b4498c26a825c27c6d9765ed8a2e33e\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_hppa.deb</a>\r\nSize/MD5 checksum: 5521834 68a5524fdb007cacc29a38865a43781d\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_hppa.deb</a>\r\nSize/MD5 checksum: 1798220 6c9ce4754c024fbd1674a63c5ba0f06a\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_hppa.deb</a>\r\nSize/MD5 checksum: 1017646 b8dd6490a43da08aa36c43712c360ff8\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_i386.deb</a>\r\nSize/MD5 checksum: 2849512 2598cb802b7f5e1aac6404b801a0a7f0\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_i386.deb</a>\r\nSize/MD5 checksum: 1508782 b8ffe50ecf5dfe173765dc5b263b7737\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_i386.deb</a>\r\nSize/MD5 checksum: 5176966 f6892dc5e598f1811bfc32ea81a863d6\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_i386.deb</a>\r\nSize/MD5 checksum: 900670 7956a1cf96b4b59de2d9e4972e04fff2\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_ia64.deb</a>\r\nSize/MD5 checksum: 3371938 88e170459b0762e1db775753f6d69bb5\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_ia64.deb</a>\r\nSize/MD5 checksum: 2269496 2c1ef318f92b9d4b1c202ad77c8c4462\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_ia64.deb</a>\r\nSize/MD5 checksum: 1289496 d6fba2d2ea64736cf614b0b3b1ced9bf\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_ia64.deb</a>\r\nSize/MD5 checksum: 6059106 e1008e68d3d775590b2a29bd7bec7b6c\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_mips.deb</a>\r\nSize/MD5 checksum: 2906992 e6e43c336e1095e3fe7f5985e500bf55\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_mips.deb</a>\r\nSize/MD5 checksum: 1725610 a9e2b6b11b1d9185885a9f99ed2d03b8\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_mips.deb</a>\r\nSize/MD5 checksum: 5646190 5c420d1aa984c190b121c8494c6fca5a\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_mips.deb</a>\r\nSize/MD5 checksum: 956712 4949e953435f72cf9d06bb8684170175\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_mipsel.deb</a>\r\nSize/MD5 checksum: 1717120 30986065ecf6810f46294c8ca196b538\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_mipsel.deb</a>\r\nSize/MD5 checksum: 939320 89571b10c2635774f65921083344a911\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_mipsel.deb</a>\r\nSize/MD5 checksum: 5507492 a06d9728ef16072ee50b3a1fcf7d08a8\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_mipsel.deb</a>\r\nSize/MD5 checksum: 2863620 90b6a4b2c498acb4a46e205d36cf8ec9\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_powerpc.deb</a>\r\nSize/MD5 checksum: 1639780 4b7c83795b6d07c3a4050d5db977c577\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_powerpc.deb</a>\r\nSize/MD5 checksum: 5778968 7e97b8f62daf0f91e48bf6af20552b51\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_powerpc.deb</a>\r\nSize/MD5 checksum: 2956174 8e55e492ee8aa6e4787e77b161a245e5\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_powerpc.deb</a>\r\nSize/MD5 checksum: 978078 9212e583942704f71a07478baa4d6446\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_s390.deb</a>\r\nSize/MD5 checksum: 973904 3cc580a21934a7f5fac203235386e250\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_s390.deb</a>\r\nSize/MD5 checksum: 2976776 efb7a2dc81b69a45ead47986d3b8fce5\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_s390.deb</a>\r\nSize/MD5 checksum: 1646932 146ee8341c514308b15ca151753b3ca8\r\n<a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_s390.deb</a>\r\nSize/MD5 checksum: 5667818 9b4543d9a0e5f51e8d9b790f6c3b43c8\r\n\r\n\u8865\u4e01\u5b89\u88c5\u65b9\u6cd5\uff1a\r\n\r\n1. \u624b\u5de5\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u4e0b\u8f7d\u8865\u4e01\u8f6f\u4ef6\uff1a\r\n # wget url (url\u662f\u8865\u4e01\u4e0b\u8f7d\u94fe\u63a5\u5730\u5740)\r\n\r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u6765\u5b89\u88c5\u8865\u4e01\uff1a \r\n # dpkg -i file.deb (file\u662f\u76f8\u5e94\u7684\u8865\u4e01\u540d)\r\n\r\n2. \u4f7f\u7528apt-get\u81ea\u52a8\u5b89\u88c5\u8865\u4e01\u5305\uff1a\r\n\r\n \u9996\u5148\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u66f4\u65b0\u5185\u90e8\u6570\u636e\u5e93\uff1a\r\n # apt-get update\r\n \r\n \u7136\u540e\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u5b89\u88c5\u66f4\u65b0\u8f6f\u4ef6\u5305\uff1a\r\n # apt-get upgrade\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2007:1077-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2007:1077-01\uff1aModerate: python security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2007-1077.html target=_blank>https://www.redhat.com/support/errata/RHSA-2007-1077.html</a>\r\n\r\nPython Software Foundation\r\n--------------------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://svn.python.org/view/python/branches/release25-maint/Modules/_localemodule.c?rev=54670&amp;r1=51333&amp;r2=54670 target=_blank>http://svn.python.org/view/python/branches/release25-maint/Modules/_localemodule.c?rev=54670&amp;r1=51333&amp;r2=54670</a>", "modified": "2008-04-23T00:00:00", "published": "2008-04-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3195", "id": "SSV:3195", "type": "seebug", "title": "Python PyLocale_strxfrm\u51fd\u6570\u8fdc\u7a0b\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "sourceData": "\n #!/usr/bin/python\r\n\r\nimport&nbsp;locale\r\n\r\nprint&nbsp;locale.setlocale(locale.LC_COLLATE,&nbsp;'pl_PL.UTF8')\r\nprint&nbsp;repr(locale.strxfrm('a'))\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-3195", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "slackware": [{"lastseen": "2018-08-31T02:37:02", "bulletinFamily": "unix", "description": "New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0,\nand -current to fix a security issue. A boundary failure in GETDC mailslot\nprocessing can result in a buffer overrun leading to possible code\nexecution.\n\nMore details about the issue will become available in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015\n\n\nHere are the details from the Slackware 12.0 ChangeLog:\n\npatches/packages/samba-3.0.28-i486-1_slack12.0.tgz:\n Upgraded to samba-3.0.28.\n Samba 3.0.28 is a security release in order to address a boundary failure\n in GETDC mailslot processing that can result in a buffer overrun leading\n to possible code execution.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6015\n http://www.samba.org/samba/history/samba-3.0.28.html\n http://secunia.com/secunia_research/2007-99/advisory/\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.28-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/samba-3.0.28-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/samba-3.0.28-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/samba-3.0.28-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/samba-3.0.28-i486-1_slack12.0.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.0.28-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.0 package:\n053df9ad7a4a1093312eb5a9694b608f samba-3.0.28-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\n8e71fbc64008d9a55a808207e34d0613 samba-3.0.28-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\nc7a213d933e30ac464379498a1001c73 samba-3.0.28-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\ne45fdf510d27d8fae340cdf5a3c958e5 samba-3.0.28-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\n16e70341053c75cc60868d13f5207abd samba-3.0.28-i486-1_slack12.0.tgz\n\nSlackware -current package:\n6ef212b0e1c058fd968c0252af63413f samba-3.0.28-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg samba-3.0.28-i486-1_slack12.0.tgz\n\nThen, restart Samba: \n > /etc/rc.d/rc.samba restart", "modified": "2007-12-10T15:00:26", "published": "2007-12-10T15:00:26", "id": "SSA-2007-344-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554", "title": "samba", "type": "slackware", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "samba": [{"lastseen": "2018-08-31T00:35:44", "bulletinFamily": "software", "description": "Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect is only be exploited when the &quot;domain logons&quot; parameter has been enabled in smb.conf.", "modified": "2007-12-10T00:00:00", "published": "2007-12-10T00:00:00", "id": "SAMBA:CVE-2007-6015", "href": "https://www.samba.org/samba/security/CVE-2007-6015.html", "title": "Boundary failure in GETDC mailslot processing can result in a buffer overrun ", "type": "samba", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:31", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.python.org/download/releases/2.5.1/NEWS.txt\nVendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934\nVendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093\n[Secunia Advisory ID:25190](https://secuniaresearch.flexerasoftware.com/advisories/25190/)\n[Secunia Advisory ID:25353](https://secuniaresearch.flexerasoftware.com/advisories/25353/)\n[Secunia Advisory ID:25787](https://secuniaresearch.flexerasoftware.com/advisories/25787/)\n[Secunia Advisory ID:28050](https://secuniaresearch.flexerasoftware.com/advisories/28050/)\n[Secunia Advisory ID:25217](https://secuniaresearch.flexerasoftware.com/advisories/25217/)\n[Secunia Advisory ID:25233](https://secuniaresearch.flexerasoftware.com/advisories/25233/)\n[Secunia Advisory ID:28027](https://secuniaresearch.flexerasoftware.com/advisories/28027/)\nRedHat RHSA: RHSA-2007:1077\nRedHat RHSA: RHSA-2007:1076\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:099\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_13_sr.html\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-May/000189.html\nOther Advisory URL: https://issues.rpath.com/browse/RPL-1358\nOther Advisory URL: http://www.trustix.org/errata/2007/0019/\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:099\nFrSIRT Advisory: ADV-2007-1465\n[CVE-2007-2052](https://vulners.com/cve/CVE-2007-2052)\nBugtraq ID: 23887\n", "modified": "2007-03-31T06:51:25", "published": "2007-03-31T06:51:25", "href": "https://vulners.com/osvdb/OSVDB:35247", "id": "OSVDB:35247", "title": "Python Modules/_localemodule.c PyLocale_strxfrm() Function Arbitrary Memory Disclosure", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}