Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2023 Greenbone AGOPENVAS:13614125623111120101977
HistoryMar 08, 2023 - 12:00 a.m.

Debian: Security Advisory (DSA-1977-1)

2023-03-0800:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
1

8.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.2%

JSON

The remote host is missing an update for the Debian

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.1.1.2010.1977");
  script_cve_id("CVE-2008-2316", "CVE-2009-3560", "CVE-2009-3720");
  script_tag(name:"creation_date", value:"2023-03-08 12:56:44 +0000 (Wed, 08 Mar 2023)");
  script_version("2024-02-01T14:37:13+0000");
  script_tag(name:"last_modification", value:"2024-02-01 14:37:13 +0000 (Thu, 01 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_name("Debian: Security Advisory (DSA-1977-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(4|5)");

  script_xref(name:"Advisory-ID", value:"DSA-1977-1");
  script_xref(name:"URL", value:"https://www.debian.org/security/2010/DSA-1977-1");
  script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-1977");

  script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'python2.4, python2.5' package(s) announced via the DSA-1977-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files. (CVE-2009-3560 CVE-2009-3720) This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file.

In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. (CVE-2008-2316) It only affects the oldstable distribution (etch).

For the oldstable distribution (etch), these problems have been fixed in version 2.4.4-3+etch3 for python2.4 and version 2.5-5+etch2 for python2.5.

For the stable distribution (lenny), these problems have been fixed in version 2.4.6-1+lenny1 for python2.4 and version 2.5.2-15+lenny1 for python2.5.

For the unstable distribution (sid), these problems have been fixed in version 2.5.4-3.1 for python2.5, and will migrate to the testing distribution (squeeze) shortly. python2.4 has been removed from the testing distribution (squeeze), and it will be removed from the unstable distribution soon.

We recommend that you upgrade your python packages.");

  script_tag(name:"affected", value:"'python2.4, python2.5' package(s) on Debian 4, Debian 5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "DEB4") {

  if(!isnull(res = isdpkgvuln(pkg:"idle-python2.4", ver:"2.4.4-3+etch3", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"idle-python2.5", ver:"2.5-5+etch2", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.4", ver:"2.4.4-3+etch3", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.4-dbg", ver:"2.4.4-3+etch3", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.4-dev", ver:"2.4.4-3+etch3", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.4-examples", ver:"2.4.4-3+etch3", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.4-minimal", ver:"2.4.4-3+etch3", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.5", ver:"2.5-5+etch2", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.5-dbg", ver:"2.5-5+etch2", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.5-dev", ver:"2.5-5+etch2", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.5-examples", ver:"2.5-5+etch2", rls:"DEB4"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.5-minimal", ver:"2.5-5+etch2", rls:"DEB4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "DEB5") {

  if(!isnull(res = isdpkgvuln(pkg:"idle-python2.4", ver:"2.4.6-1+lenny1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"idle-python2.5", ver:"2.5.2-15+lenny1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.4", ver:"2.4.6-1+lenny1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.4-dbg", ver:"2.4.6-1+lenny1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.4-dev", ver:"2.4.6-1+lenny1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.4-examples", ver:"2.4.6-1+lenny1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.4-minimal", ver:"2.4.6-1+lenny1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.5", ver:"2.5.2-15+lenny1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.5-dbg", ver:"2.5.2-15+lenny1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.5-dev", ver:"2.5.2-15+lenny1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.5-examples", ver:"2.5.2-15+lenny1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python2.5-minimal", ver:"2.5.2-15+lenny1", rls:"DEB5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

debian 1
nessus 67
osv 1
openvas 82
oraclelinux 3
centos 2
redhat 1
fedora 19
prion 2
f5 2
ubuntucve 2
ubuntu 6
cve 2
slackware 2
freebsd 2
debiancve 1
altlinux 2
veracode 1
httpd 1
debian
debian
[SECURITY] [DSA-1977-1] New python packages fix several vulnerabilities
2010-01-25 22:01:20
nessus
nessus
Debian DSA-1977-1 : python2.4 python2.5 - several vulnerabilities
2010-02-24 00:00:00
SuSE 11 Security Update : pyxml (SAT Patch Number 1673)
2009-12-18 00:00:00
Fedora 10 : expat-2.0.1-8.fc10 (2009-12690)
2009-12-07 00:00:00
osv
osv
python - several vulnerabilities
2010-01-25 00:00:00
openvas
openvas
Fedora Core 10 FEDORA-2009-12690 (expat)
2009-12-10 00:00:00
CentOS Security Advisory CESA-2009:1625 (expat)
2009-12-10 00:00:00
Fedora Core 11 FEDORA-2009-12716 (expat)
2009-12-10 00:00:00
oraclelinux
oraclelinux
expat security update
2009-12-07 00:00:00
4Suite security update
2009-11-10 00:00:00
PyXML security update
2010-01-04 00:00:00
centos
centos
expat security update
2009-12-07 23:34:29
4Suite security update
2009-11-10 21:28:54
redhat
redhat
(RHSA-2009:1625) Moderate: expat security update
2009-12-07 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: expat-2.0.1-8.fc10
2009-12-04 23:57:13
[SECURITY] Fedora 11 Update: expat-2.0.1-8.fc11
2009-12-05 00:02:48
[SECURITY] Fedora 12 Update: expat-2.0.1-8.fc12
2009-12-05 00:06:09
prion
prion
Buffer overflow
2009-12-04 21:30:00
Integer overflow
2008-08-01 14:41:00
f5
f5
K15905 : Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2015-03-16 00:00:00
SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2014-12-11 00:00:00
ubuntucve
ubuntucve
CVE-2009-3560
2009-12-04 00:00:00
CVE-2008-2316
2008-08-01 00:00:00
ubuntu
ubuntu
PyXML vulnerabilities
2010-01-26 00:00:00
Expat vulnerabilities
2010-01-20 00:00:00
Python 2.4 vulnerabilities
2010-01-22 00:00:00
cve
cve
CVE-2009-3560
2009-12-04 21:30:00
CVE-2008-2316
2008-08-01 14:41:00
slackware
slackware
[slackware-security] expat
2011-02-11 01:17:08
[slackware-security] httpd
2011-02-11 01:17:26
freebsd
freebsd
apr -- multiple vunerabilities
2010-10-02 00:00:00
libwww -- multiple vulnerabilities
2005-10-12 00:00:00
debiancve
debiancve
CVE-2009-3560
2009-12-04 21:30:00
altlinux
altlinux
Security fix for the ALT Linux 5 package centerim version 4.22.10-alt0.M50P.1
2011-01-13 00:00:00
Security fix for the ALT Linux 5 package centerim version 4.22.10-alt1
2010-11-24 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:55:28
httpd
httpd
Apache Httpd < 2.2.17 : expat DoS
2009-08-21 00:00:00

8.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.2%

JSON
Related for OPENVAS:13614125623111120101977
debian1nessus67osv1openvas82oraclelinux3centos2redhat1fedora19prion2f52ubuntucve2ubuntu6cve2slackware2freebsd2debiancve1altlinux2veracode1httpd1