DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:64453", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "RedHat Security Advisory RHSA-2009:1176", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1176.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to disclose sensitive information, crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored in\nthe memory of a Python application using this function. (CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "published": "2009-07-29T00:00:00", "modified": "2017-07-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=64453", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": ["http://rhn.redhat.com/errata/RHSA-2009-1176.html", "http://www.redhat.com/security/updates/classification/#moderate"], "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "immutableFields": [], "lastseen": "2017-07-27T10:55:43", "viewCount": 4, "enchantments": {"score": {"value": 1.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "centos", "idList": ["CESA-2007:1076", "CESA-2007:1077-01", "CESA-2009:1176", "CESA-2009:1178"]}, {"type": "cve", "idList": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031", "CVE-2010-1449", "CVE-2010-1634"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1551-1:41B8A", "DEBIAN:DSA-1620-1:7CA52", "DEBIAN:DSA-1667-1:B9268"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2010-1449", "DEBIANCVE:CVE-2010-1634"]}, {"type": "exploitdb", "idList": ["EDB-ID:10229"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:6F4BE7377CBDEC35F258FFC9DEA11116"]}, {"type": "fedora", "idList": ["FEDORA:L9TJ3EEU002671"]}, {"type": "freebsd", "idList": ["0DCCAA28-7F3C-11DD-8DE5-0030843D3802", "EC41C3E2-129C-11DD-BAB7-0016179B2DD5"]}, {"type": "gentoo", "idList": ["GLSA-200711-07", "GLSA-200807-01", "GLSA-200807-16", "GLSA-200907-16"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2007-1076.NASL", "CENTOS_RHSA-2009-1176.NASL", "CENTOS_RHSA-2009-1178.NASL", "DEBIAN_DSA-1551.NASL", "DEBIAN_DSA-1620.NASL", "DEBIAN_DSA-1667.NASL", "FEDORA_2007-2663.NASL", "FREEBSD_PKG_0DCCAA287F3C11DD8DE50030843D3802.NASL", "FREEBSD_PKG_EC41C3E2129C11DDBAB70016179B2DD5.NASL", "GENTOO_GLSA-200711-07.NASL", "GENTOO_GLSA-200807-01.NASL", "GENTOO_GLSA-200807-16.NASL", "GENTOO_GLSA-200907-16.NASL", "MACOSX_SECUPD2007-009.NASL", "MACOSX_SECUPD2009-001.NASL", "MANDRAKE_MDKSA-2007-099.NASL", "MANDRIVA_MDVSA-2008-013.NASL", "MANDRIVA_MDVSA-2008-085.NASL", "MANDRIVA_MDVSA-2008-163.NASL", "MANDRIVA_MDVSA-2009-003.NASL", "MANDRIVA_MDVSA-2010-132.NASL", "MANDRIVA_MDVSA-2010-215.NASL", "NEWSTART_CGSL_NS-SA-2019-0008_PYTHON.NASL", "ORACLELINUX_ELSA-2007-1076.NASL", "ORACLELINUX_ELSA-2009-1176.NASL", "ORACLELINUX_ELSA-2009-1177.NASL", "ORACLELINUX_ELSA-2009-1178.NASL", "REDHAT-RHSA-2007-1076.NASL", "REDHAT-RHSA-2007-1077.NASL", "REDHAT-RHSA-2008-0264.NASL", "REDHAT-RHSA-2008-0525.NASL", "REDHAT-RHSA-2008-0629.NASL", "REDHAT-RHSA-2009-1176.NASL", "REDHAT-RHSA-2009-1177.NASL", "REDHAT-RHSA-2009-1178.NASL", "SLACKWARE_SSA_2008-217-01.NASL", "SL_20071210_PYTHON_ON_SL4_X.NASL", "SL_20090727_PYTHON_FOR_SL5_X.NASL", "SL_20090728_PYTHON_FOR_SL_3_0_X.NASL", "SL_20090728_PYTHON_FOR_SL_4_X.NASL", "SOLARIS11_PYTHON_20130313.NASL", "SUSE9_12046.NASL", "SUSE9_12215.NASL", "SUSE9_12316.NASL", "SUSE_11_0_PYTHON-080801.NASL", "SUSE_11_0_PYTHON-081201.NASL", "SUSE_PYTHON-3478.NASL", "SUSE_PYTHON-3749.NASL", "SUSE_PYTHON-3750.NASL", "SUSE_PYTHON-4900.NASL", "SUSE_PYTHON-4902.NASL", "SUSE_PYTHON-5490.NASL", "SUSE_PYTHON-5491.NASL", "SUSE_PYTHON-5837.NASL", "SUSE_PYTHON-5848.NASL", "SUSE_SU-2020-0234-1.NASL", "UBUNTU_USN-585-1.NASL", "UBUNTU_USN-632-1.NASL", "UBUNTU_USN-806-1.NASL", "VMWARE_VMSA-2008-0003.NASL", "VMWARE_VMSA-2009-0016.NASL", "VMWARE_VMSA-2009-0016_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:102023", "OPENVAS:102026", "OPENVAS:1361412562310102023", "OPENVAS:1361412562310102026", "OPENVAS:1361412562310122463", "OPENVAS:136141256231061467", "OPENVAS:136141256231063136", "OPENVAS:136141256231063186", "OPENVAS:136141256231063187", "OPENVAS:136141256231063188", "OPENVAS:136141256231063373", "OPENVAS:136141256231064438", "OPENVAS:136141256231064453", "OPENVAS:136141256231064454", "OPENVAS:136141256231064455", "OPENVAS:136141256231064493", "OPENVAS:136141256231064583", "OPENVAS:136141256231065027", "OPENVAS:136141256231065048", "OPENVAS:136141256231065112", "OPENVAS:136141256231065615", "OPENVAS:136141256231065883", "OPENVAS:136141256231065933", "OPENVAS:136141256231065960", "OPENVAS:1361412562310800052", "OPENVAS:1361412562310800056", "OPENVAS:1361412562310830058", "OPENVAS:1361412562310830590", "OPENVAS:1361412562310830625", "OPENVAS:1361412562310830740", "OPENVAS:1361412562310831110", "OPENVAS:1361412562310831224", "OPENVAS:1361412562310870180", "OPENVAS:1361412562310870189", "OPENVAS:1361412562310880314", "OPENVAS:1361412562310880319", "OPENVAS:1361412562310880338", "OPENVAS:1361412562310880715", "OPENVAS:1361412562310880881", "OPENVAS:1361412562310900105", "OPENVAS:1361412562310900106", "OPENVAS:58746", "OPENVAS:60798", "OPENVAS:60890", "OPENVAS:61216", "OPENVAS:61372", "OPENVAS:61391", "OPENVAS:61467", "OPENVAS:61617", "OPENVAS:61905", "OPENVAS:63136", "OPENVAS:63186", "OPENVAS:63187", "OPENVAS:63188", "OPENVAS:63373", "OPENVAS:64438", "OPENVAS:64454", "OPENVAS:64455", "OPENVAS:64488", "OPENVAS:64493", "OPENVAS:64583", "OPENVAS:65027", "OPENVAS:65048", "OPENVAS:65112", "OPENVAS:65615", "OPENVAS:65883", "OPENVAS:65933", "OPENVAS:65960", "OPENVAS:800052", "OPENVAS:800056", "OPENVAS:830058", "OPENVAS:830590", "OPENVAS:830625", "OPENVAS:830740", "OPENVAS:831110", "OPENVAS:831224", "OPENVAS:840265", "OPENVAS:840343", "OPENVAS:861387", "OPENVAS:870180", "OPENVAS:870189", "OPENVAS:880314", "OPENVAS:880319", "OPENVAS:880338", "OPENVAS:880715", "OPENVAS:880881", "OPENVAS:900105", "OPENVAS:900106"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-1076", "ELSA-2009-1176", "ELSA-2009-1177", "ELSA-2009-1178", "ELSA-2011-0027"]}, {"type": "osv", "idList": ["OSV:DSA-1551-1", "OSV:DSA-1620-1", "OSV:DSA-1667-1"]}, {"type": "redhat", "idList": ["RHSA-2007:1076", "RHSA-2007:1077", "RHSA-2008:0264", "RHSA-2008:0525", "RHSA-2008:0629", "RHSA-2009:1176", "RHSA-2009:1177", "RHSA-2009:1178"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20272", "SECURITYVULNS:DOC:24260", "SECURITYVULNS:VULN:7604", "SECURITYVULNS:VULN:8889", "SECURITYVULNS:VULN:9190"]}, {"type": "seebug", "idList": ["SSV:18331", "SSV:3195", "SSV:3787", "SSV:3800", "SSV:60622", "SSV:60623", "SSV:67092"]}, {"type": "slackware", "idList": ["SSA-2008-217-01"]}, {"type": "ubuntu", "idList": ["USN-585-1", "USN-632-1", "USN-806-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-2052", "UB:CVE-2007-4965", "UB:CVE-2008-1679", "UB:CVE-2008-1721", "UB:CVE-2008-1887", "UB:CVE-2008-2315", "UB:CVE-2008-3142", "UB:CVE-2008-3143", "UB:CVE-2008-3144", "UB:CVE-2008-4864", "UB:CVE-2008-5031", "UB:CVE-2009-4134", "UB:CVE-2010-1449", "UB:CVE-2010-1450", "UB:CVE-2010-1634"]}, {"type": "veracode", "idList": ["VERACODE:23738", "VERACODE:23739", "VERACODE:23740", "VERACODE:23741", "VERACODE:23742", "VERACODE:23743", "VERACODE:23744", "VERACODE:23745", "VERACODE:23746", "VERACODE:23747"]}, {"type": "vmware", "idList": ["VMSA-2008-0003", "VMSA-2008-0003.1", "VMSA-2009-0016", "VMSA-2009-0016.6"]}]}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2009:1176", "CESA-2009:1178"]}, {"type": "cve", "idList": ["CVE-2007-2052", "CVE-2007-4965"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1551-1:41B8A"]}, {"type": "exploitdb", "idList": ["EDB-ID:10229"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:6F4BE7377CBDEC35F258FFC9DEA11116"]}, {"type": "fedora", "idList": ["FEDORA:L9TJ3EEU002671"]}, {"type": "freebsd", "idList": ["0DCCAA28-7F3C-11DD-8DE5-0030843D3802", "EC41C3E2-129C-11DD-BAB7-0016179B2DD5"]}, {"type": "gentoo", "idList": ["GLSA-200807-01"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/VMSA-2009-0016-5-UPDATED-SERVICE-CONSOLE-PACKAGE-PYTHON-CVE-2008-4864/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2009-1176.NASL", "SUSE9_12316.NASL", "SUSE_11_0_PYTHON-081201.NASL", "SUSE_PYTHON-4900.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231061467", "OPENVAS:136141256231064455", "OPENVAS:136141256231065027", "OPENVAS:136141256231065048", "OPENVAS:1361412562310830058", "OPENVAS:1361412562310900105", "OPENVAS:58746", "OPENVAS:63136", "OPENVAS:65112", "OPENVAS:65933"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-1076"]}, {"type": "redhat", "idList": ["RHSA-2009:1178"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20272"]}, {"type": "seebug", "idList": ["SSV:60623"]}, {"type": "slackware", "idList": ["SSA-2008-217-01"]}, {"type": "ubuntu", "idList": ["USN-632-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-2052", "UB:CVE-2008-1887", "UB:CVE-2008-3143"]}, {"type": "vmware", "idList": ["VMSA-2008-0003.1"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2007-2052", "epss": "0.017170000", "percentile": "0.858950000", "modified": "2023-03-15"}, {"cve": "CVE-2008-1721", "epss": "0.100810000", "percentile": "0.939520000", "modified": "2023-03-15"}, {"cve": "CVE-2008-3143", "epss": "0.010510000", "percentile": "0.817550000", "modified": "2023-03-15"}, {"cve": "CVE-2008-4864", "epss": "0.007030000", "percentile": "0.772660000", "modified": "2023-03-15"}, {"cve": "CVE-2007-4965", "epss": "0.037640000", "percentile": "0.904110000", "modified": "2023-03-15"}, {"cve": "CVE-2008-3144", "epss": "0.013130000", "percentile": "0.838610000", "modified": "2023-03-15"}, {"cve": "CVE-2008-3142", "epss": "0.002270000", "percentile": "0.591840000", "modified": "2023-03-15"}, {"cve": "CVE-2008-2315", "epss": "0.014710000", "percentile": "0.847210000", "modified": "2023-03-15"}, {"cve": "CVE-2008-1887", "epss": "0.004340000", "percentile": "0.706320000", "modified": "2023-03-15"}, {"cve": "CVE-2008-5031", "epss": "0.011650000", "percentile": "0.827440000", "modified": "2023-03-15"}], "vulnersScore": 1.3}, "_state": {"dependencies": 1678913968, "score": 1683821708, "epss": 1678928294}, "_internal": {"score_hash": "874fcb42d1b3fdc900dfbeb8bfde97bc"}, "pluginID": "64453", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1176.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1176 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1176.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to disclose sensitive information, crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored in\nthe memory of a Python application using this function. (CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64453);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1176\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1176.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Red Hat Local Security Checks"}

{"openvas": [{"lastseen": "2018-04-06T11:37:06", "description": "The remote host is missing updates to python announced in\nadvisory CESA-2009:1176.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1176 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064583", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064583", "sourceData": "#CESA-2009:1176 64583 2\n# $Id: ovcesa2009_1176.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1176 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1176\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1176\";\ntag_summary = \"The remote host is missing updates to python announced in\nadvisory CESA-2009:1176.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64583\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1176 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:31", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1176.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to disclose sensitive information, crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored in\nthe memory of a Python application using this function. (CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1176", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064453", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064453", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1176.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1176 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1176.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to disclose sensitive information, crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored in\nthe memory of a Python application using this function. (CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64453\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1176\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1176.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:31", "description": "Oracle Linux Local Security Checks ELSA-2009-1176", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-1176", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122463", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122463", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1176.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122463\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:52 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1176\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1176 - python security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1176\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1176.html\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:57", "description": "The remote host is missing updates to python announced in\nadvisory CESA-2009:1176.", "cvss3": {}, "published": "2009-08-17T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1176 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64583", "href": "http://plugins.openvas.org/nasl.php?oid=64583", "sourceData": "#CESA-2009:1176 64583 2\n# $Id: ovcesa2009_1176.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1176 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1176\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1176\";\ntag_summary = \"The remote host is missing updates to python announced in\nadvisory CESA-2009:1176.\";\n\n\n\nif(description)\n{\n script_id(64583);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1176 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:27", "description": "Check for the Version of python", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for python CESA-2009:1176 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880881", "href": "http://plugins.openvas.org/nasl.php?oid=880881", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2009:1176 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n When the assert() system call was disabled, an input sanitization flaw was\n revealed in the Python string object implementation that led to a buffer\n overflow. The missing check for negative size values meant the Python\n memory allocator could allocate less memory than expected. This could\n result in arbitrary code execution with the Python interpreter's\n privileges. (CVE-2008-1887)\n \n Multiple buffer and integer overflow flaws were found in the Python Unicode\n string processing and in the Python Unicode and string object\n implementations. An attacker could use these flaws to cause a denial of\n service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n \n Multiple integer overflow flaws were found in the Python imageop module. If\n a Python application used the imageop module to process untrusted images,\n it could cause the application to disclose sensitive information, crash or,\n potentially, execute arbitrary code with the Python interpreter's\n privileges. (CVE-2007-4965, CVE-2008-4864)\n \n Multiple integer underflow and overflow flaws were found in the Python\n snprintf() wrapper implementation. An attacker could use these flaws to\n cause a denial of service (memory corruption). (CVE-2008-3144)\n \n Multiple integer overflow flaws were found in various Python modules. An\n attacker could use these flaws to cause a denial of service (Python\n application crash). (CVE-2008-2315, CVE-2008-3143)\n \n An integer signedness error, leading to a buffer overflow, was found\n in the Python zlib extension module. If a Python application requested\n the negative byte count be flushed for a decompression stream, it could\n cause the application to crash or, potentially, execute arbitrary code\n with the Python interpreter's privileges. (CVE-2008-1721)\n \n A flaw was discovered in the strxfrm() function of the Python locale\n module. Strings generated by this function were not properly\n NULL-terminated, which could possibly cause disclosure of data stored in\n the memory of a Python application using this function. (CVE-2007-2052)\n \n Red Hat would like to thank David Remahl of the Apple Product Security team\n for responsibly reporting the CVE-2008-2315 issue.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"python on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-July/016050.html\");\n script_id(880881);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1176\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_name(\"CentOS Update for python CESA-2009:1176 centos5 i386\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for python CESA-2009:1176 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880881", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880881", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2009:1176 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-July/016050.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880881\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1176\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_name(\"CentOS Update for python CESA-2009:1176 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"python on CentOS 5\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive, object-oriented programming\n language.\n\n When the assert() system call was disabled, an input sanitization flaw was\n revealed in the Python string object implementation that led to a buffer\n overflow. The missing check for negative size values meant the Python\n memory allocator could allocate less memory than expected. This could\n result in arbitrary code execution with the Python interpreter's\n privileges. (CVE-2008-1887)\n\n Multiple buffer and integer overflow flaws were found in the Python Unicode\n string processing and in the Python Unicode and string object\n implementations. An attacker could use these flaws to cause a denial of\n service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\n Multiple integer overflow flaws were found in the Python imageop module. If\n a Python application used the imageop module to process untrusted images,\n it could cause the application to disclose sensitive information, crash or,\n potentially, execute arbitrary code with the Python interpreter's\n privileges. (CVE-2007-4965, CVE-2008-4864)\n\n Multiple integer underflow and overflow flaws were found in the Python\n snprintf() wrapper implementation. An attacker could use these flaws to\n cause a denial of service (memory corruption). (CVE-2008-3144)\n\n Multiple integer overflow flaws were found in various Python modules. An\n attacker could use these flaws to cause a denial of service (Python\n application crash). (CVE-2008-2315, CVE-2008-3143)\n\n An integer signedness error, leading to a buffer overflow, was found\n in the Python zlib extension module. If a Python application requested\n the negative byte count be flushed for a decompression stream, it could\n cause the application to crash or, potentially, execute arbitrary code\n with the Python interpreter's privileges. (CVE-2008-1721)\n\n A flaw was discovered in the strxfrm() function of the Python locale\n module. Strings generated by this function were not properly\n NULL-terminated, which could possibly cause disclosure of data stored in\n the memory of a Python application using this function. (CVE-2007-2052)\n\n Red Hat would like to thank David Remahl of the Apple Product Security team\n for responsibly reporting the CVE-2008-2315 issue.\n\n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~24.el5_3.6\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:38:55", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1177.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1177", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064454", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064454", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1177.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1177 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1177.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64454\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1177\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1177.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:14", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1177.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1177", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64454", "href": "http://plugins.openvas.org/nasl.php?oid=64454", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1177.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1177 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1177.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64454);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1177\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1177.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.7.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for python CESA-2009:1178 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880715", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2009:1178 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-July/016040.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880715\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2009:1178\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_name(\"CentOS Update for python CESA-2009:1178 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"python on CentOS 3\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive, object-oriented programming\n language.\n\n When the assert() system call was disabled, an input sanitization flaw was\n revealed in the Python string object implementation that led to a buffer\n overflow. The missing check for negative size values meant the Python\n memory allocator could allocate less memory than expected. This could\n result in arbitrary code execution with the Python interpreter's\n privileges. (CVE-2008-1887)\n\n Multiple buffer and integer overflow flaws were found in the Python Unicode\n string processing and in the Python Unicode and string object\n implementations. An attacker could use these flaws to cause a denial of\n service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\n Multiple integer overflow flaws were found in the Python imageop module. If\n a Python application used the imageop module to process untrusted images,\n it could cause the application to crash or, potentially, execute arbitrary\n code with the Python interpreter's privileges. (CVE-2008-1679,\n CVE-2008-4864)\n\n Multiple integer underflow and overflow flaws were found in the Python\n snprintf() wrapper implementation. An attacker could use these flaws to\n cause a denial of service (memory corruption). (CVE-2008-3144)\n\n Multiple integer overflow flaws were found in various Python modules. An\n attacker could use these flaws to cause a denial of service (Python\n application crash). (CVE-2008-2315, CVE-2008-3143)\n\n Red Hat would like to thank David Remahl of the Apple Product Security team\n for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:40:23", "description": "The remote host is missing updates to python announced in\nadvisory CESA-2009:1178.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1178 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064493", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064493", "sourceData": "#CESA-2009:1178 64493 2\n# $Id: ovcesa2009_1178.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1178 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1178\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1178\nhttps://rhn.redhat.com/errata/RHSA-2009-1178.html\";\ntag_summary = \"The remote host is missing updates to python announced in\nadvisory CESA-2009:1178.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64493\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1178 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:20", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1178.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1178", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064455", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064455", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1178.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1178 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1178.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64455\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1178\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1178.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:08", "description": "The remote host is missing updates to python announced in\nadvisory CESA-2009:1178.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1178 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64493", "href": "http://plugins.openvas.org/nasl.php?oid=64493", "sourceData": "#CESA-2009:1178 64493 2\n# $Id: ovcesa2009_1178.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1178 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1178\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1178\nhttps://rhn.redhat.com/errata/RHSA-2009-1178.html\";\ntag_summary = \"The remote host is missing updates to python announced in\nadvisory CESA-2009:1178.\";\n\n\n\nif(description)\n{\n script_id(64493);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Security Advisory CESA-2009:1178 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.11\", rls:\"CentOS3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:49", "description": "Check for the Version of python", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for python CESA-2009:1178 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880715", "href": "http://plugins.openvas.org/nasl.php?oid=880715", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2009:1178 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n When the assert() system call was disabled, an input sanitization flaw was\n revealed in the Python string object implementation that led to a buffer\n overflow. The missing check for negative size values meant the Python\n memory allocator could allocate less memory than expected. This could\n result in arbitrary code execution with the Python interpreter's\n privileges. (CVE-2008-1887)\n \n Multiple buffer and integer overflow flaws were found in the Python Unicode\n string processing and in the Python Unicode and string object\n implementations. An attacker could use these flaws to cause a denial of\n service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n \n Multiple integer overflow flaws were found in the Python imageop module. If\n a Python application used the imageop module to process untrusted images,\n it could cause the application to crash or, potentially, execute arbitrary\n code with the Python interpreter's privileges. (CVE-2008-1679,\n CVE-2008-4864)\n \n Multiple integer underflow and overflow flaws were found in the Python\n snprintf() wrapper implementation. An attacker could use these flaws to\n cause a denial of service (memory corruption). (CVE-2008-3144)\n \n Multiple integer overflow flaws were found in various Python modules. An\n attacker could use these flaws to cause a denial of service (Python\n application crash). (CVE-2008-2315, CVE-2008-3143)\n \n Red Hat would like to thank David Remahl of the Apple Product Security team\n for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"python on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-July/016040.html\");\n script_id(880715);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2009:1178\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_name(\"CentOS Update for python CESA-2009:1178 centos3 i386\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.11\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:43", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1178.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1178", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:64455", "href": "http://plugins.openvas.org/nasl.php?oid=64455", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1178.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1178 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1178.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64455);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1178\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1178.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.11\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:48", "description": "The remote host is missing an update to python2.4\nannounced via advisory DSA 1667-1.", "cvss3": {}, "published": "2008-11-24T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1667-1 (python2.4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61905", "href": "http://plugins.openvas.org/nasl.php?oid=61905", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1667_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1667-1 (python2.4)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the interpreter for the\nPython language. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2008-2315\n\nDavid Remahl discovered several integer overflows in the\nstringobject, unicodeobject, bufferobject, longobject,\ntupleobject, stropmodule, gcmodule, and mmapmodule modules.\n\nCVE-2008-3142\n\nJustin Ferguson discovered that incorrect memory allocation in\nthe unicode_resize() function can lead to buffer overflows.\n\nCVE-2008-3143\n\nSeveral integer overflows were discovered in various Python core\nmodules.\n\nCVE-2008-3144\n\nSeveral integer oberflows were discovered in the PyOS_vsnprintf()\nfunction.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch2.\n\nFor the unstable distribution (sid) and the upcoming stable\ndistribution (lenny), these problems have been fixed in\nversion 2.4.5-5.\n\nWe recommend that you upgrade your python2.4 packages.\";\ntag_summary = \"The remote host is missing an update to python2.4\nannounced via advisory DSA 1667-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201667-1\";\n\n\nif(description)\n{\n script_id(61905);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-24 23:46:43 +0100 (Mon, 24 Nov 2008)\");\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1667-1 (python2.4)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4-3+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4-3+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4-3+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4-3+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4-3+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4-3+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:29:04", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-632-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721", "CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840343", "href": "http://plugins.openvas.org/nasl.php?oid=840343", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_632_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that there were new integer overflows in the imageop\n module. If an attacker were able to trick a Python application into\n processing a specially crafted image, they could execute arbitrary code\n with user privileges. (CVE-2008-1679)\n\n Justin Ferguson discovered that the zlib module did not correctly\n handle certain archives. If an attacker were able to trick a Python\n application into processing a specially crafted archive file, they could\n execute arbitrary code with user privileges. (CVE-2008-1721)\n \n Justin Ferguson discovered that certain string manipulations in Python\n could be made to overflow. If an attacker were able to pass a specially\n crafted string through the PyString_FromStringAndSize function, they\n could execute arbitrary code with user privileges. (CVE-2008-1887)\n \n Multiple integer overflows were discovered in Python's core and modules\n including hashlib, binascii, pickle, md5, stringobject, unicodeobject,\n bufferobject, longobject, tupleobject, stropmodule, gcmodule, and\n mmapmodule. If an attacker were able to exploit these flaws they could\n execute arbitrary code with user privileges or cause Python applications\n to crash, leading to a denial of service. (CVE-2008-2315, CVE-2008-2316,\n CVE-2008-3142, CVE-2008-3143, CVE-2008-3144).\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-632-1\";\ntag_affected = \"python2.4, python2.5 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 7.04 ,\n Ubuntu 7.10 ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-632-1/\");\n script_id(840343);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"632-1\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_name( \"Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-gdbm\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-tk\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.3-0ubuntu6.2\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4-2ubuntu7.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5.1-0ubuntu1.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.5-1ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5.2-2ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4-6ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5.1-5ubuntu5.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:01", "description": "The remote host is missing an update to python\nannounced via advisory MDVSA-2009:036.", "cvss3": {}, "published": "2009-02-13T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:036 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2007-4965", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063373", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063373", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_036.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:036 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in imageop.c in the imageop module in\nPython 1.5.2 through 2.5.1 allow context-dependent attackers to\nbreak out of the Python VM and execute arbitrary code via large\ninteger values in certain arguments to the crop function, leading to\na buffer overflow, a different vulnerability than CVE-2007-4965 and\nCVE-2008-1679. (CVE-2008-4864)\n\nMultiple integer overflows in Python 2.5.2 and earlier allow\ncontext-dependent attackers to have an unknown impact via vectors\nrelated to the (1) stringobject, (2) unicodeobject, (3) bufferobject,\n(4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and\n(8) mmapmodule modules. NOTE: The expandtabs integer overflows in\nstringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.\n\nMultiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,\nallow context-dependent attackers to have an unknown impact via\na large integer value in the tabsize argument to the expandtabs\nmethod, as implemented by (1) the string_expandtabs function in\nObjects/stringobject.c and (2) the unicode_expandtabs function in\nObjects/unicodeobject.c. NOTE: this vulnerability reportedly exists\nbecause of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)\n\nThe updated Python packages have been patched to correct these issues.\n\nAffected: Corporate 3.0, Multi Network Firewall 2.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:036\";\ntag_summary = \"The remote host is missing an update to python\nannounced via advisory MDVSA-2009:036.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63373\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-4864\", \"CVE-2008-5031\", \"CVE-2008-2315\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:036 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpython2.3\", rpm:\"libpython2.3~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.3-devel\", rpm:\"libpython2.3-devel~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.3\", rpm:\"lib64python2.3~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.3-devel\", rpm:\"lib64python2.3-devel~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.3\", rpm:\"libpython2.3~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.3-devel\", rpm:\"libpython2.3-devel~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:07", "description": "The remote host is missing an update to python\nannounced via advisory MDVSA-2009:003.", "cvss3": {}, "published": "2009-01-13T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:003 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2007-4965", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063136", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063136", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_003.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:003 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in imageop.c in the imageop module in\nPython 1.5.2 through 2.5.1 allow context-dependent attackers to\nbreak out of the Python VM and execute arbitrary code via large\ninteger values in certain arguments to the crop function, leading to\na buffer overflow, a different vulnerability than CVE-2007-4965 and\nCVE-2008-1679. (CVE-2008-4864)\n\nMultiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,\nallow context-dependent attackers to have an unknown impact via\na large integer value in the tabsize argument to the expandtabs\nmethod, as implemented by (1) the string_expandtabs function in\nObjects/stringobject.c and (2) the unicode_expandtabs function in\nObjects/unicodeobject.c. NOTE: this vulnerability reportedly exists\nbecause of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)\n\nThe updated Python packages have been patched to correct these issues.\n\nAffected: 2008.0, 2008.1, 2009.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:003\";\ntag_summary = \"The remote host is missing an update to python\nannounced via advisory MDVSA-2009:003.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63136\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-4864\", \"CVE-2008-2315\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:003 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.4\", rpm:\"libpython2.4~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.4-devel\", rpm:\"libpython2.4-devel~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.4\", rpm:\"lib64python2.4~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.4-devel\", rpm:\"lib64python2.4-devel~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:01", "description": "The remote host is missing an update to python\nannounced via advisory MDVSA-2009:036.", "cvss3": {}, "published": "2009-02-13T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:036 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2007-4965", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-5031"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63373", "href": "http://plugins.openvas.org/nasl.php?oid=63373", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_036.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:036 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in imageop.c in the imageop module in\nPython 1.5.2 through 2.5.1 allow context-dependent attackers to\nbreak out of the Python VM and execute arbitrary code via large\ninteger values in certain arguments to the crop function, leading to\na buffer overflow, a different vulnerability than CVE-2007-4965 and\nCVE-2008-1679. (CVE-2008-4864)\n\nMultiple integer overflows in Python 2.5.2 and earlier allow\ncontext-dependent attackers to have an unknown impact via vectors\nrelated to the (1) stringobject, (2) unicodeobject, (3) bufferobject,\n(4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and\n(8) mmapmodule modules. NOTE: The expandtabs integer overflows in\nstringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.\n\nMultiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,\nallow context-dependent attackers to have an unknown impact via\na large integer value in the tabsize argument to the expandtabs\nmethod, as implemented by (1) the string_expandtabs function in\nObjects/stringobject.c and (2) the unicode_expandtabs function in\nObjects/unicodeobject.c. NOTE: this vulnerability reportedly exists\nbecause of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)\n\nThe updated Python packages have been patched to correct these issues.\n\nAffected: Corporate 3.0, Multi Network Firewall 2.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:036\";\ntag_summary = \"The remote host is missing an update to python\nannounced via advisory MDVSA-2009:036.\";\n\n \n\nif(description)\n{\n script_id(63373);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-4864\", \"CVE-2008-5031\", \"CVE-2008-2315\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:036 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpython2.3\", rpm:\"libpython2.3~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.3-devel\", rpm:\"libpython2.3-devel~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.3\", rpm:\"lib64python2.3~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.3-devel\", rpm:\"lib64python2.3-devel~2.3.7~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.3\", rpm:\"libpython2.3~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.3-devel\", rpm:\"libpython2.3-devel~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.7~0.2.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:22", "description": "The remote host is missing an update to python\nannounced via advisory MDVSA-2009:003.", "cvss3": {}, "published": "2009-01-13T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:003 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2007-4965", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-5031"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:63136", "href": "http://plugins.openvas.org/nasl.php?oid=63136", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_003.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:003 (python)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in imageop.c in the imageop module in\nPython 1.5.2 through 2.5.1 allow context-dependent attackers to\nbreak out of the Python VM and execute arbitrary code via large\ninteger values in certain arguments to the crop function, leading to\na buffer overflow, a different vulnerability than CVE-2007-4965 and\nCVE-2008-1679. (CVE-2008-4864)\n\nMultiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,\nallow context-dependent attackers to have an unknown impact via\na large integer value in the tabsize argument to the expandtabs\nmethod, as implemented by (1) the string_expandtabs function in\nObjects/stringobject.c and (2) the unicode_expandtabs function in\nObjects/unicodeobject.c. NOTE: this vulnerability reportedly exists\nbecause of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)\n\nThe updated Python packages have been patched to correct these issues.\n\nAffected: 2008.0, 2008.1, 2009.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:003\";\ntag_summary = \"The remote host is missing an update to python\nannounced via advisory MDVSA-2009:003.\";\n\n \n\nif(description)\n{\n script_id(63136);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-13 22:38:32 +0100 (Tue, 13 Jan 2009)\");\n script_cve_id(\"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-4864\", \"CVE-2008-2315\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:003 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~5.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.4\", rpm:\"libpython2.4~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpython2.4-devel\", rpm:\"libpython2.4-devel~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.4\", rpm:\"lib64python2.4~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64python2.4-devel\", rpm:\"lib64python2.4-devel~2.4.5~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:45", "description": "The remote host is missing an update to python2.4\nannounced via advisory DSA 1551-1.", "cvss3": {}, "published": "2008-04-21T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1551-1 (python2.4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2007-4965", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:60798", "href": "http://plugins.openvas.org/nasl.php?oid=60798", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1551_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1551-1 (python2.4)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the interpreter for the\nPython language. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2007-2052\n\nPiotr Engelking discovered that the strxfrm() function of the locale\nmodule miscalculates the length of an internal buffer, which may\nresult in a minor information disclosure.\n\nCVE-2007-4965\n\nIt was discovered that several integer overflows in the imageop\nmodule may lead to the execution of arbitrary code, if a user is\ntricked into processing malformed images. This issue is also\ntracked as CVE-2008-1679 due to an initially incomplete patch.\n\nCVE-2008-1721\n\nJustin Ferguson discovered that a buffer overflow in the zlib\nmodule may lead to the execution of arbitrary code.\n\nCVE-2008-1887\n\nJustin Ferguson discovered that insufficient input validation in\nPyString_FromStringAndSize() may lead to the execution of arbitrary\ncode.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.5-2.\n\nWe recommend that you upgrade your python2.4 packages.\";\ntag_summary = \"The remote host is missing an update to python2.4\nannounced via advisory DSA 1551-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201551-1\";\n\n\nif(description)\n{\n script_id(60798);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-04-21 20:40:14 +0200 (Mon, 21 Apr 2008)\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1551-1 (python2.4)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4-3+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4-3+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4-3+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4-3+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4-3+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4-3+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:49:52", "description": "The remote host is missing an update to python2.5\nannounced via advisory DSA 1620-1.", "cvss3": {}, "published": "2008-08-15T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1620-1 (python2.5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2007-4965", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61372", "href": "http://plugins.openvas.org/nasl.php?oid=61372", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1620_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1620-1 (python2.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the interpreter for the\nPython language. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2007-2052\n\nPiotr Engelking discovered that the strxfrm() function of the locale\nmodule miscalculates the length of an internal buffer, which may\nresult in a minor information disclosure.\n\nCVE-2007-4965\n\nIt was discovered that several integer overflows in the imageop\nmodule may lead to the execution of arbitrary code, if a user is\ntricked into processing malformed images. This issue is also\ntracked as CVE-2008-1679 due to an initially incomplete patch.\n\nCVE-2008-1721\n\nJustin Ferguson discovered that a buffer overflow in the zlib\nmodule may lead to the execution of arbitrary code.\n\nCVE-2008-1887\n\nJustin Ferguson discovered that insufficient input validation in\nPyString_FromStringAndSize() may lead to the execution of arbitrary\ncode.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.5-5+etch1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.5.2-3.\n\nWe recommend that you upgrade your python2.5 packages.\";\ntag_summary = \"The remote host is missing an update to python2.5\nannounced via advisory DSA 1620-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201620-1\";\n\n\nif(description)\n{\n script_id(61372);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-08-15 15:52:52 +0200 (Fri, 15 Aug 2008)\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1620-1 (python2.5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5-5+etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:40", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for python MDVSA-2008:163 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830740", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830740", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for python MDVSA-2008:163 (python)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in the imageop module in Python prior to\n 2.5.3 allowed context-dependent attackers to cause a denial of service\n (crash) or possibly execute arbitrary code via crafted images that\n trigger heap-based buffer overflows (CVE-2008-1679). This was due\n to an incomplete fix for CVE-2007-4965.\n\n David Remahl of Apple Product Security reported several integer\n overflows in a number of core modules (CVE-2008-2315). He also\n reported an integer overflow in the hashlib module on Python 2.5 that\n lead to unreliable cryptographic digest results (CVE-2008-2316).\n \n Justin Ferguson reported multiple buffer overflows in unicode string\n processing that affected 32bit systems (CVE-2008-3142).\n \n Multiple integer overflows were reported by the Google Security Team\n that had been fixed in Python 2.5.2 (CVE-2008-3143).\n \n Justin Ferguson reported a number of integer overflows and underflows\n in the PyOS_vsnprintf() function, as well as an off-by-one error\n when passing zero-length strings, that led to memory corruption\n (CVE-2008-3144).\n \n The updated packages have been patched to correct these issues.\n As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have\n been updated to version 2.5.2. Due to slight packaging changes on\n Mandriva Linux 2007.1, a new package is available (tkinter-apps) that\n contains binary files (such as /usr/bin/idle) that were previously\n in the tkinter package.\";\n\ntag_affected = \"python on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-08/msg00004.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830740\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:163\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2007-4965\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_name( \"Mandriva Update for python MDVSA-2008:163 (python)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:27", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for python MDVSA-2008:163 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830740", "href": "http://plugins.openvas.org/nasl.php?oid=830740", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for python MDVSA-2008:163 (python)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in the imageop module in Python prior to\n 2.5.3 allowed context-dependent attackers to cause a denial of service\n (crash) or possibly execute arbitrary code via crafted images that\n trigger heap-based buffer overflows (CVE-2008-1679). This was due\n to an incomplete fix for CVE-2007-4965.\n\n David Remahl of Apple Product Security reported several integer\n overflows in a number of core modules (CVE-2008-2315). He also\n reported an integer overflow in the hashlib module on Python 2.5 that\n lead to unreliable cryptographic digest results (CVE-2008-2316).\n \n Justin Ferguson reported multiple buffer overflows in unicode string\n processing that affected 32bit systems (CVE-2008-3142).\n \n Multiple integer overflows were reported by the Google Security Team\n that had been fixed in Python 2.5.2 (CVE-2008-3143).\n \n Justin Ferguson reported a number of integer overflows and underflows\n in the PyOS_vsnprintf() function, as well as an off-by-one error\n when passing zero-length strings, that led to memory corruption\n (CVE-2008-3144).\n \n The updated packages have been patched to correct these issues.\n As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have\n been updated to version 2.5.2. Due to slight packaging changes on\n Mandriva Linux 2007.1, a new package is available (tkinter-apps) that\n contains binary files (such as /usr/bin/idle) that were previously\n in the tkinter package.\";\n\ntag_affected = \"python on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-08/msg00004.php\");\n script_id(830740);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:163\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2007-4965\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_name( \"Mandriva Update for python MDVSA-2008:163 (python)\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:31", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-mpz\n python-tk\n python-xml\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5032900 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065027", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065027", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5032900.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-mpz\n python-tk\n python-xml\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5032900 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65027\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-3143\", \"CVE-2008-3142\", \"CVE-2008-3144\", \"CVE-2008-2315\", \"CVE-2008-2316\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.3~88.24\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:28", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065883", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065883", "sourceData": "#\n#VID slesp2-python-5490\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65883\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-3143\", \"CVE-2008-3142\", \"CVE-2008-3144\", \"CVE-2008-2315\", \"CVE-2008-2316\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-curses\", rpm:\"python-curses~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-demo\", rpm:\"python-demo~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-doc\", rpm:\"python-doc~2.4.2~18.19\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-doc-pdf\", rpm:\"python-doc-pdf~2.4.2~18.19\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-gdbm\", rpm:\"python-gdbm~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-idle\", rpm:\"python-idle~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tk\", rpm:\"python-tk~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xml\", rpm:\"python-xml~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:38", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-mpz\n python-tk\n python-xml\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5032900 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65027", "href": "http://plugins.openvas.org/nasl.php?oid=65027", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5032900.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-mpz\n python-tk\n python-xml\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5032900 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65027);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-3143\", \"CVE-2008-3142\", \"CVE-2008-3144\", \"CVE-2008-2315\", \"CVE-2008-2316\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.3~88.24\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:17", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65883", "href": "http://plugins.openvas.org/nasl.php?oid=65883", "sourceData": "#\n#VID slesp2-python-5490\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65883);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-3143\", \"CVE-2008-3142\", \"CVE-2008-3144\", \"CVE-2008-2315\", \"CVE-2008-2316\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-curses\", rpm:\"python-curses~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-demo\", rpm:\"python-demo~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-doc\", rpm:\"python-doc~2.4.2~18.19\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-doc-pdf\", rpm:\"python-doc-pdf~2.4.2~18.19\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-gdbm\", rpm:\"python-gdbm~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-idle\", rpm:\"python-idle~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tk\", rpm:\"python-tk~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xml\", rpm:\"python-xml~2.4.2~18.22\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:03", "description": "The remote host is missing updates announced in\nadvisory GLSA 200807-16.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200807-16 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61391", "href": "http://plugins.openvas.org/nasl.php?oid=61391", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in Python may allow for the execution of arbitrary\ncode.\";\ntag_solution = \"All Python 2.4 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.4-r14'\n\nAll Python 2.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.5.2-r6'\n\nPlease note that Python 2.3 is masked since June 24, and we will not be\nreleasing updates to it. It will be removed from the tree in the near\nfuture.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200807-16\nhttp://bugs.gentoo.org/show_bug.cgi?id=230640\nhttp://bugs.gentoo.org/show_bug.cgi?id=232137\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200807-16.\";\n\n \n\nif(description)\n{\n script_id(61391);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200807-16 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"rge 2.4.4-r14\", \"ge 2.5.2-r6\"), vulnerable: make_list(\"lt 2.5.2-r6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-19T11:57:24", "description": "The host is installed with Python, which is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2008-08-22T00:00:00", "type": "openvas", "title": "Python Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315"], "modified": "2017-09-18T00:00:00", "id": "OPENVAS:900105", "href": "http://plugins.openvas.org/nasl.php?oid=900105", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_python_mult_vuln_win_900105.nasl 7174 2017-09-18 11:48:08Z asteins $\n# Description: Python Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Successful exploitation could potentially causes attackers to\n execute arbitrary code or create a denial of service condition.\n Impact Level : Application\";\n\ntag_solution = \"Fix is available in the SVN repository,\n http://svn.python.org\";\n\ntag_affected = \"Python 2.5.2 and prior on Linux (All).\";\n\ntag_insight = \"The flaws exist due to integer overflow in,\n - hashlib module, which can lead to an unreliable cryptographic digest\n results.\n - the processing of unicode strings.\n - the PyOS_vsnprintf() function on architectures that do not have a\n vsnprintf() function.\n - the PyOS_vsnprintf() function when passing zero-length strings can\n lead to memory corruption.\";\n\n\ntag_summary = \"The host is installed with Python, which is prone to multiple\n vulnerabilities.\";\n\n\nif(description)\n{\n script_id(900105);\n script_version(\"$Revision: 7174 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-18 13:48:08 +0200 (Mon, 18 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-08-22 10:29:01 +0200 (Fri, 22 Aug 2008)\");\n script_bugtraq_id(30491);\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \n\t \"CVE-2008-3143\",\"CVE-2008-3144\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"Buffer overflow\");\n script_name(\"Python Multiple Vulnerabilities (Windows)\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_xref(name : \"URL\" , value : \"http://bugs.python.org/issue2588\");\n script_xref(name : \"URL\" , value : \"http://bugs.python.org/issue2589\");\n script_xref(name : \"URL\" , value : \"http://bugs.python.org/issue2620\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\n include(\"smb_nt.inc\");\n\n if(!(get_kb_item(\"SMB/WindowsVersion\"))){\n exit(0);\n }\n\n name = kb_smb_name();\n login = kb_smb_login();\n domain = kb_smb_domain();\n pass = kb_smb_password();\n port = kb_smb_transport();\n\n soc = open_sock_tcp(port);\n if(!soc){\n exit(0);\n }\n\n r = smb_session_request(soc:soc, remote:name);\n if(!r)\n {\n close(soc);\n exit(0);\n }\n\n prot = smb_neg_prot(soc:soc);\n if(!prot)\n {\n close(soc);\n exit(0);\n }\n\n r = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);\n if(!r)\n {\n\tclose(soc);\n exit(0);\n }\n\n uid = session_extract_uid(reply:r);\n if(!uid)\n {\n\tclose(soc);\n exit(0);\n }\n\n r = smb_tconx(soc:soc, name:name, uid:uid, share:\"IPC$\");\n if(!r)\n {\n\tclose(soc);\n exit(0);\n }\n\n tid = tconx_extract_tid(reply:r);\n if(!tid)\n {\n close(soc);\n exit(0);\n }\n \n r = smbntcreatex(soc:soc, uid:uid, tid:tid, name:\"\\winreg\");\n if(!r)\n {\n close(soc);\n exit(0);\n }\n\n pipe = smbntcreatex_extract_pipe(reply:r);\n if(!pipe)\n {\n \tclose(soc);\n\texit(0);\n }\n\n r = pipe_accessible_registry(soc:soc, uid:uid, tid:tid, pipe:pipe);\n if(!r)\n {\n close(soc);\n exit(0);\n }\n\n handle = registry_open_hklm(soc:soc, uid:uid, tid:tid, pipe:pipe);\n if(!handle)\n {\n close(soc);\n exit(0);\n }\n\n key = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\";\n pyKey = registry_get_key(soc:soc, uid:uid, tid:tid, pipe:pipe, key:key, reply:handle);\n if(!pyKey)\n {\n\tclose(soc);\n exit(0);\n }\n\n entries = registry_enum_key(soc:soc, uid:uid, tid:tid, pipe:pipe, reply:pyKey);\n close(soc);\n\n foreach entry (entries)\n {\n pyName = registry_get_sz(key:key + entry, item:\"DisplayName\");\n if(\"Python\" >< pyName)\n {\n \tif(egrep(pattern:\"Python ([01]\\..*|2\\.([0-4]\\..*|5\\.[0-2]))$\",\n\t\t\t string:pyName)){\n \tsecurity_message(0);\n\t\t}\n exit(0);\n }\n }\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-21T11:05:29", "description": "The host is installed Python, which is prone to multiple vulnerabilities.\n\n This NVT has been replaced by NVT gb_CESA-2009_1176_python_centos5_i386.nasl\n (OID:1.3.6.1.4.1.25623.1.0.880881), gb_CESA-2009_1178_python_centos3_i386.nasl\n (OID:1.3.6.1.4.1.25623.1.0.880715).", "cvss3": {}, "published": "2008-08-22T00:00:00", "type": "openvas", "title": "Python Multiple Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315"], "modified": "2017-11-20T00:00:00", "id": "OPENVAS:900106", "href": "http://plugins.openvas.org/nasl.php?oid=900106", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_python_mult_vuln_lin_900106.nasl 7823 2017-11-20 08:54:04Z cfischer $\n# Description: Python Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Successful exploitation could potentially causes attackers to\n execute arbitrary code or create a denial of service condition.\n Impact Level : Application\";\n\ntag_solution = \"Fix is available in the SVN repository,\n http://svn.python.org\";\n\ntag_affected = \"Python 2.5.2 and prior on Linux (All).\";\n\ntag_insight = \"The flaws exist due to integer overflow in,\n - hashlib module, which can lead to an unreliable cryptographic digest \n results.\n - the processing of unicode strings.\n - the PyOS_vsnprintf() function on architectures that do not have a \n vsnprintf() function.\n - the PyOS_vsnprintf() function when passing zero-length strings can \n lead to memory corruption.\";\n\n\ntag_summary = \"The host is installed Python, which is prone to multiple vulnerabilities.\n\n This NVT has been replaced by NVT gb_CESA-2009_1176_python_centos5_i386.nasl\n (OID:1.3.6.1.4.1.25623.1.0.880881), gb_CESA-2009_1178_python_centos3_i386.nasl\n (OID:1.3.6.1.4.1.25623.1.0.880715).\";\n\nif(description)\n{\n script_id(900106);\n script_version(\"$Revision: 7823 $\");\n script_tag(name:\"deprecated\", value:TRUE);\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-20 09:54:04 +0100 (Mon, 20 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-08-22 10:29:01 +0200 (Fri, 22 Aug 2008)\");\n script_bugtraq_id(30491);\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\",\n\t\t\"CVE-2008-3143\",\"CVE-2008-3144\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_family(\"Buffer overflow\");\n script_name(\"Python Multiple Vulnerabilities (Linux)\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\");\n script_exclude_keys(\"ssh/no_linux_shell\");\n\n script_xref(name : \"URL\" , value : \"http://bugs.python.org/issue2588\");\n script_xref(name : \"URL\" , value : \"http://bugs.python.org/issue2589\");\n script_xref(name : \"URL\" , value : \"http://bugs.python.org/issue2620\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\nexit(66); ## This NVT is deprecated as addressed in gb_CESA-2009_1176_python_centos5_i386.nasl\n ## gb_CESA-2009_1178_python_centos3_i386.nasl\n\n include(\"ssh_func.inc\");\n\n foreach item (get_kb_list(\"ssh/login/rpms\"))\n {\n if(\"python\" >< item)\n {\n if(egrep(pattern:\"python-.*~([01]\\..*|2\\.([0-4]\\..*|5\\.[0-2]))[^.0-9]\",\n\t\t\t string:item)){\n security_message(0); \n }\n\t\texit(0);\n }\n }\n\n sock = ssh_login_or_reuse_connection();\n if(!sock){\n exit(0);\n }\n\n pyVer = ssh_cmd(socket:sock, cmd:\"python -V\");\n ssh_close_connection();\n\n if(!pyVer){\n exit(0);\n }\n\n if(egrep(pattern:\"^Python ([01]\\..*|2\\.([0-4]\\..*|5\\.[0-2]))$\", string:pyVer)){\n security_message(0);\n }\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-07T16:39:37", "description": "The host is installed Python, which is prone to multiple vulnerabilities.\n\n This NVT has been replaced by various LSCs.", "cvss3": {}, "published": "2008-08-22T00:00:00", "type": "openvas", "title": "Python Multiple Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:1361412562310900106", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900106", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Python Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900106\");\n script_version(\"2020-04-02T11:36:28+0000\");\n script_tag(name:\"deprecated\", value:TRUE);\n script_tag(name:\"last_modification\", value:\"2020-04-02 11:36:28 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2008-08-22 10:29:01 +0200 (Fri, 22 Aug 2008)\");\n script_bugtraq_id(30491);\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\",\n \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Buffer overflow\");\n script_name(\"Python Multiple Vulnerabilities (Linux)\");\n\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue2588\");\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue2589\");\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue2620\");\n\n script_tag(name:\"summary\", value:\"The host is installed Python, which is prone to multiple vulnerabilities.\n\n This NVT has been replaced by various LSCs.\");\n\n script_tag(name:\"insight\", value:\"The flaws exist due to integer overflow in,\n\n - hashlib module, which can lead to an unreliable cryptographic digest results.\n\n - the processing of unicode strings.\n\n - the PyOS_vsnprintf() function on architectures that do not have a vsnprintf() function.\n\n - the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption.\");\n\n script_tag(name:\"affected\", value:\"Python 2.5.2 and prior on Linux (All).\");\n\n script_tag(name:\"solution\", value:\"Fix is available in the SVN repository.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could potentially causes attackers to\n execute arbitrary code or create a denial of service condition.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\nexit(66); ## Addressed by various LSCs\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-13T20:25:14", "description": "The host is installed with Python and is prone to multiple\n vulnerabilities.", "cvss3": {}, "published": "2008-08-22T00:00:00", "type": "openvas", "title": "Python <= 2.5.2 Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315"], "modified": "2019-11-12T00:00:00", "id": "OPENVAS:1361412562310900105", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900105", "sourceData": "# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:python:python\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900105\");\n script_version(\"2019-11-12T13:34:01+0000\");\n script_bugtraq_id(30491);\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_tag(name:\"last_modification\", value:\"2019-11-12 13:34:01 +0000 (Tue, 12 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2008-08-22 10:29:01 +0200 (Fri, 22 Aug 2008)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Buffer overflow\");\n script_name(\"Python <= 2.5.2 Multiple Vulnerabilities (Windows)\");\n script_dependencies(\"gb_python_detect_win.nasl\");\n script_mandatory_keys(\"python/win/detected\");\n\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue2588\");\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue2589\");\n script_xref(name:\"URL\", value:\"http://bugs.python.org/issue2620\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Python and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"insight\", value:\"The flaws exist due to multiple integer overflows in:\n\n - hashlib module, which can lead to an unreliable cryptographic digest\n results.\n\n - the processing of unicode strings.\n\n - the PyOS_vsnprintf() function on architectures that do not have a\n vsnprintf() function.\n\n - the PyOS_vsnprintf() function when passing zero-length strings can\n lead to memory corruption.\");\n\n script_tag(name:\"affected\", value:\"Python 2.5.2 and prior on Windows (All).\");\n\n script_tag(name:\"solution\", value:\"A fix is available, please see the references for more information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow attackers to\n execute arbitrary code or create a denial of service condition.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_less_equal( version:vers, test_version:\"2.5.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"See references\", install_path:path );\n security_message( port:0, data:report );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:51:14", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-217-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2008-217-01 python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61467", "href": "http://plugins.openvas.org/nasl.php?oid=61467", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_217_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New python packages are available for Slackware 10.1, 10.2, 11.0, 12.0,\n12.1, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2008-217-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-217-01\";\n \nif(description)\n{\n script_id(61467);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3144\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2008-217-01 python \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"python\", ver:\"2.4.5-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python-demo\", ver:\"2.4.5-noarch-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python-tools\", ver:\"2.4.5-noarch-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python\", ver:\"2.4.5-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python-demo\", ver:\"2.4.5-noarch-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python-tools\", ver:\"2.4.5-noarch-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python\", ver:\"2.4.5-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python\", ver:\"2.5.2-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"python\", ver:\"2.5.2-i486-2_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:06", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-217-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2008-217-01 python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721", "CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231061467", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231061467", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_217_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.61467\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3144\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2008-217-01 python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(10\\.1|10\\.2|11\\.0|12\\.0|12\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-217-01\");\n\n script_tag(name:\"insight\", value:\"New python packages are available for Slackware 10.1, 10.2, 11.0, 12.0,\n12.1, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2008-217-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"python\", ver:\"2.4.5-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python-demo\", ver:\"2.4.5-noarch-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python-tools\", ver:\"2.4.5-noarch-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python\", ver:\"2.4.5-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python-demo\", ver:\"2.4.5-noarch-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python-tools\", ver:\"2.4.5-noarch-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python\", ver:\"2.4.5-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python\", ver:\"2.5.2-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"python\", ver:\"2.5.2-i486-2_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:10:16", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-17T00:00:00", "type": "openvas", "title": "FreeBSD Ports: python24", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2316", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315"], "modified": "2016-09-28T00:00:00", "id": "OPENVAS:61617", "href": "http://plugins.openvas.org/nasl.php?oid=61617", "sourceData": "#\n#VID 0dccaa28-7f3c-11dd-8de5-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 0dccaa28-7f3c-11dd-8de5-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n python24\n python25\n python23\n\nCVE-2008-2315\nMultiple integer overflows in Python 2.5.2 and earlier allow\ncontext-dependent attackers to have an unknown impact via vectors\nrelated to the (1) stringobject, (2) unicodeobject, (3) bufferobject,\n(4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and\n(8) mmapmodule modules.\nCVE-2008-2316\nInteger overflow in _hashopenssl.c in the hashlib module in Python\n2.5.2 and earlier might allow context-dependent attackers to defeat\ncryptographic digests, related to 'partial hashlib hashing of data\nexceeding 4GB.'\nCVE-2008-3142\nMultiple buffer overflows in Python 2.5.2 and earlier on 32bit\nplatforms allow context-dependent attackers to cause a denial of\nservice (crash) or have unspecified other impact via a long string\nthat leads to incorrect memory allocation during Unicode string\nprocessing, related to the unicode_resize function and the\nPyMem_RESIZE macro.\nCVE-2008-3144\nMultiple integer overflows in the PyOS_vsnprintf function in\nPython/mysnprintf.c in Python 2.5.2 and earlier allow\ncontext-dependent attackers to cause a denial of service (memory\ncorruption) or have unspecified other impact via crafted input to\nstring formatting operations. NOTE: the handling of certain integer\nvalues is also affected by related integer underflows and an\noff-by-one error.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.python.org/issue2620\nhttp://bugs.python.org/issue2588\nhttp://bugs.python.org/issue2589\nhttp://secunia.com/advisories/31305\nhttp://mail.python.org/pipermail/python-checkins/2008-July/072276.html\nhttp://mail.python.org/pipermail/python-checkins/2008-July/072174.html\nhttp://mail.python.org/pipermail/python-checkins/2008-June/070481.html\nhttp://www.vuxml.org/freebsd/0dccaa28-7f3c-11dd-8de5-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(61617);\n script_version(\"$Revision: 4164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-28 09:03:16 +0200 (Wed, 28 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-17 04:23:15 +0200 (Wed, 17 Sep 2008)\");\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3144\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: python24\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"python24\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.4.5_2\")<0) {\n txt += 'Package python24 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"python25\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.2_3\")<0) {\n txt += 'Package python25 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"python23\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0\")>0) {\n txt += 'Package python23 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:29:08", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-585-1", "cvss3": {}, "published": "2009-03-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for python2.4/2.5 vulnerabilities USN-585-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840265", "href": "http://plugins.openvas.org/nasl.php?oid=840265", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_585_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for python2.4/2.5 vulnerabilities USN-585-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Piotr Engelking discovered that strxfrm in Python was not correctly\n calculating the size of the destination buffer. This could lead to small\n information leaks, which might be used by attackers to gain additional\n knowledge about the state of a running Python script. (CVE-2007-2052)\n\n A flaw was discovered in the Python imageop module. If a script using\n the module could be tricked into processing a specially crafted set of\n arguments, a remote attacker could execute arbitrary code, or cause the\n application to crash. (CVE-2007-4965)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-585-1\";\ntag_affected = \"python2.4/2.5 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-585-1/\");\n script_id(840265);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"USN\", value: \"585-1\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"Ubuntu Update for python2.4/2.5 vulnerabilities USN-585-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-gdbm\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-tk\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:11", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-mpz\n python-tk\n python-xml\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040780 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065048", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065048", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5040780.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-mpz\n python-tk\n python-xml\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040780 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65048\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.3~88.26\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:38", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065933", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065933", "sourceData": "#\n#VID slesp2-python-5837\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65933\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-curses\", rpm:\"python-curses~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-demo\", rpm:\"python-demo~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-gdbm\", rpm:\"python-gdbm~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-idle\", rpm:\"python-idle~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tk\", rpm:\"python-tk~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xml\", rpm:\"python-xml~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:22", "description": "The remote host is missing an update to python2.5\nannounced via advisory USN-806-1.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Ubuntu USN-806-1 (python2.5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2008-5031"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:64488", "href": "http://plugins.openvas.org/nasl.php?oid=64488", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_806_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_806_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-806-1 (python2.5)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n python2.4 2.4.3-0ubuntu6.3\n python2.4-minimal 2.4.3-0ubuntu6.3\n\nUbuntu 8.04 LTS:\n python2.4 2.4.5-1ubuntu4.2\n python2.4-minimal 2.4.5-1ubuntu4.2\n python2.5 2.5.2-2ubuntu6\n python2.5-minimal 2.5.2-2ubuntu6\n\nUbuntu 8.10:\n python2.4 2.4.5-5ubuntu1.1\n python2.4-minimal 2.4.5-5ubuntu1.1\n\nAfter a standard system upgrade you need to reboot your computer to\neffect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-806-1\";\n\ntag_insight = \"It was discovered that Python incorrectly handled certain arguments in the\nimageop module. If an attacker were able to pass specially crafted\narguments through the crop function, they could execute arbitrary code with\nuser privileges. For Python 2.5, this issue only affected Ubuntu 8.04 LTS.\n(CVE-2008-4864)\n\nMultiple integer overflows were discovered in Python's stringobject and\nunicodeobject expandtabs method. If an attacker were able to exploit these\nflaws they could execute arbitrary code with user privileges or cause\nPython applications to crash, leading to a denial of service.\n(CVE-2008-5031)\";\ntag_summary = \"The remote host is missing an update to python2.5\nannounced via advisory USN-806-1.\";\n\n \n\n\nif(description)\n{\n script_id(64488);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-806-1 (python2.5)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-806-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.3-0ubuntu6.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.3-0ubuntu6.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.3-0ubuntu6.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.3-0ubuntu6.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.3-0ubuntu6.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-gdbm\", ver:\"2.4.3-0ubuntu6.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.3-0ubuntu6.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-tk\", ver:\"2.4.3-0ubuntu6.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.3-0ubuntu6.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.5-1ubuntu4.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.5-1ubuntu4.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5.2-2ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5.2-2ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.5-1ubuntu4.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5.2-2ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.5-1ubuntu4.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.5-1ubuntu4.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.5-1ubuntu4.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.5-1ubuntu4.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5.2-2ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5.2-2ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.2-2ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.2-2ubuntu6\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.5-5ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.5-5ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.5-5ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.5-5ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.5-5ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.5-5ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.5-5ubuntu1.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:11", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-mpz\n python-tk\n python-xml\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040780 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2008-5031"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65048", "href": "http://plugins.openvas.org/nasl.php?oid=65048", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5040780.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-mpz\n python-tk\n python-xml\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5040780 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65048);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.3~88.26\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:00", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2008-5031"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65933", "href": "http://plugins.openvas.org/nasl.php?oid=65933", "sourceData": "#\n#VID slesp2-python-5837\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65933);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-4864\", \"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-curses\", rpm:\"python-curses~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-demo\", rpm:\"python-demo~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-gdbm\", rpm:\"python-gdbm~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-idle\", rpm:\"python-idle~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tk\", rpm:\"python-tk~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xml\", rpm:\"python-xml~2.4.2~18.25\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:25", "description": "Check for the Version of python-docs", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for python-docs CESA-2007:1076 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880314", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880314", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python-docs CESA-2007:1076 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated. This\n may possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Multiple integer overflow flaws were discovered in Python's imageop module.\n If an application written in Python used the imageop module to process\n untrusted images, it could cause the application to crash, enter an\n infinite loop, or possibly execute arbitrary code with the privileges of\n the Python interpreter. (CVE-2007-4965)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python-docs on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014497.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880314\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1076\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"CentOS Update for python-docs CESA-2007:1076 centos3 x86_64\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python-docs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:15", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for python RHSA-2007:1076-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870180", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870180", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2007:1076-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated. This\n may possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Multiple integer overflow flaws were discovered in Python's imageop module.\n If an application written in Python used the imageop module to process\n untrusted images, it could cause the application to crash, enter an\n infinite loop, or possibly execute arbitrary code with the privileges of\n the Python interpreter. (CVE-2007-4965)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00007.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870180\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2007:1076-02\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"RedHat Update for python RHSA-2007:1076-02\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:21", "description": "Check for the Version of python-docs", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for python-docs CESA-2007:1076 centos3 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880314", "href": "http://plugins.openvas.org/nasl.php?oid=880314", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python-docs CESA-2007:1076 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated. This\n may possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Multiple integer overflow flaws were discovered in Python's imageop module.\n If an application written in Python used the imageop module to process\n untrusted images, it could cause the application to crash, enter an\n infinite loop, or possibly execute arbitrary code with the privileges of\n the Python interpreter. (CVE-2007-4965)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python-docs on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014497.html\");\n script_id(880314);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1076\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"CentOS Update for python-docs CESA-2007:1076 centos3 x86_64\");\n\n script_summary(\"Check for the Version of python-docs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:15", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for python RHSA-2007:1076-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870180", "href": "http://plugins.openvas.org/nasl.php?oid=870180", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2007:1076-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated. This\n may possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Multiple integer overflow flaws were discovered in Python's imageop module.\n If an application written in Python used the imageop module to process\n untrusted images, it could cause the application to crash, enter an\n infinite loop, or possibly execute arbitrary code with the privileges of\n the Python interpreter. (CVE-2007-4965)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00007.html\");\n script_id(870180);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2007:1076-02\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"RedHat Update for python RHSA-2007:1076-02\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.8\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:26", "description": "Check for the Version of python-docs", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for python-docs CESA-2007:1076 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880338", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python-docs CESA-2007:1076 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated. This\n may possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Multiple integer overflow flaws were discovered in Python's imageop module.\n If an application written in Python used the imageop module to process\n untrusted images, it could cause the application to crash, enter an\n infinite loop, or possibly execute arbitrary code with the privileges of\n the Python interpreter. (CVE-2007-4965)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python-docs on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014496.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880338\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1076\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"CentOS Update for python-docs CESA-2007:1076 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python-docs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:22", "description": "Check for the Version of python-docs", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for python-docs CESA-2007:1076 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880338", "href": "http://plugins.openvas.org/nasl.php?oid=880338", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python-docs CESA-2007:1076 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated. This\n may possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Multiple integer overflow flaws were discovered in Python's imageop module.\n If an application written in Python used the imageop module to process\n untrusted images, it could cause the application to crash, enter an\n infinite loop, or possibly execute arbitrary code with the privileges of\n the Python interpreter. (CVE-2007-4965)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python-docs on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014496.html\");\n script_id(880338);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1076\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"CentOS Update for python-docs CESA-2007:1076 centos3 i386\");\n\n script_summary(\"Check for the Version of python-docs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:43", "description": "The remote host is missing updates announced in\nadvisory GLSA 200807-01.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200807-01 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721", "CVE-2008-1679", "CVE-2008-1887"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:61216", "href": "http://plugins.openvas.org/nasl.php?oid=61216", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows may allow for Denial of Service.\";\ntag_solution = \"The imageop module is no longer built in the unaffected versions.\n\nAll Python 2.3 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.3.6-r6'\n\nAll Python 2.4 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.4-r13'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200807-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=216673\nhttp://bugs.gentoo.org/show_bug.cgi?id=217221\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200807-01.\";\n\n \n\nif(description)\n{\n script_id(61216);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200807-01 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"rge 2.3.6-r6\", \"ge 2.4.4-r13\"), vulnerable: make_list(\"lt 2.4.4-r13\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:39:09", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for python MDKSA-2007:099 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830058", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830058", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for python MDKSA-2007:099 (python)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An off-by-one error was discovered in the PyLocale_strxfrm function\n in Python 2.4 and 2.5 that could allow context-dependent attackers\n the ability to read portions of memory via special manipulations that\n trigger a buffer over-read due to missing null termination.\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"python on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-05/msg00007.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830058\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:099\");\n script_cve_id(\"CVE-2007-2052\");\n script_name( \"Mandriva Update for python MDKSA-2007:099 (python)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.4\", rpm:\"libpython2.4~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.4-devel\", rpm:\"libpython2.4-devel~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.4\", rpm:\"lib64python2.4~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.4-devel\", rpm:\"lib64python2.4-devel~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:51", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python-devel\n python\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065615", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065615", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021454.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python-devel\n python\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65615\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2052\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.3~88.16\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:15", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for python MDKSA-2007:099 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830058", "href": "http://plugins.openvas.org/nasl.php?oid=830058", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for python MDKSA-2007:099 (python)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An off-by-one error was discovered in the PyLocale_strxfrm function\n in Python 2.4 and 2.5 that could allow context-dependent attackers\n the ability to read portions of memory via special manipulations that\n trigger a buffer over-read due to missing null termination.\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"python on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-05/msg00007.php\");\n script_id(830058);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:099\");\n script_cve_id(\"CVE-2007-2052\");\n script_name( \"Mandriva Update for python MDKSA-2007:099 (python)\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.4\", rpm:\"libpython2.4~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.4-devel\", rpm:\"libpython2.4-devel~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.4\", rpm:\"lib64python2.4~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.4-devel\", rpm:\"lib64python2.4-devel~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:45", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python-devel\n python\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65615", "href": "http://plugins.openvas.org/nasl.php?oid=65615", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021454.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python-devel\n python\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65615);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2052\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.3~88.16\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-09T11:40:28", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for python MDVSA-2008:013 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4965"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830625", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830625", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for python MDVSA-2008:013 (python)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows were found in python's imageop module.\n If an application written in python used the imageop module to\n process untrusted images, it could cause the application to crash,\n enter an infinite loop, or possibly execute arbitrary code with the\n privileges of the python interpreter.\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"python on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-01/msg00024.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830625\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:013\");\n script_cve_id(\"CVE-2007-4965\");\n script_name( \"Mandriva Update for python MDVSA-2008:013 (python)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.4\", rpm:\"libpython2.4~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.4-devel\", rpm:\"libpython2.4-devel~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.4\", rpm:\"lib64python2.4~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.4-devel\", rpm:\"lib64python2.4-devel~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:09", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4965"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065960", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065960", "sourceData": "#\n#VID slesp1-python-4902\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65960\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-4965\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_name(\"SLES10: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-curses\", rpm:\"python-curses~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-demo\", rpm:\"python-demo~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-doc\", rpm:\"python-doc~2.4.2~18.10\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-doc-pdf\", rpm:\"python-doc-pdf~2.4.2~18.10\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-gdbm\", rpm:\"python-gdbm~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-idle\", rpm:\"python-idle~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tk\", rpm:\"python-tk~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xml\", rpm:\"python-xml~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:14", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "Fedora Update for python FEDORA-2007-2663", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4965"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:861387", "href": "http://plugins.openvas.org/nasl.php?oid=861387", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2007-2663\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language often compared to Tcl, Perl, Scheme or Java. Python includes\n modules, classes, exceptions, very high level dynamic data types and\n dynamic typing. Python supports interfaces to many system calls and\n libraries, as well as to various windowing systems (X11, Motif, Tk,\n Mac and MFC).\n\n Programmers can write new built-in modules for Python in C or C++.\n Python can be used as an extension language for applications that need\n a programmable interface. This package contains most of the standard\n Python modules, as well as modules for interfacing to the Tix widget\n set for Tk and RPM.\n \n Note that documentation for Python is provided in the python-docs\n package.\";\n\ntag_affected = \"python on Fedora 7\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html\");\n script_id(861387);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:01:32 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2007-2663\");\n script_cve_id(\"CVE-2007-4965\");\n script_name( \"Fedora Update for python FEDORA-2007-2663\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5~14.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5~14.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.5~14.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5~14.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.5~14.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.5~14.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.5~14.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5~14.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5~14.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.5~14.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.5~14.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.5~14.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.5~14.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:50", "description": "The remote host is missing updates announced in\nadvisory GLSA 200711-07.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200711-07 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4965"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:58746", "href": "http://plugins.openvas.org/nasl.php?oid=58746", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflow vulnerabilities have been discovered in Python,\npossibly resulting in the execution of arbitrary code or a Denial of\nService.\";\ntag_solution = \"All Python 2.3.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.3.6-r3'\n\nAll Python 2.4.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.4-r6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200711-07\nhttp://bugs.gentoo.org/show_bug.cgi?id=192876\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200711-07.\";\n\n \n\nif(description)\n{\n script_id(58746);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2007-4965\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200711-07 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"rge 2.3.6-r3\", \"ge 2.4.4-r6\"), vulnerable: make_list(\"lt 2.4.4-r6\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:16", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python-mpz\n python-tk\n python-curses\n python-demo\n python-doc-pdf\n python-gdbm\n python\n python-idle\n python-devel\n python-xml\n python-doc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021835 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4965"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65112", "href": "http://plugins.openvas.org/nasl.php?oid=65112", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021835.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python-mpz\n python-tk\n python-curses\n python-demo\n python-doc-pdf\n python-gdbm\n python\n python-idle\n python-devel\n python-xml\n python-doc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021835 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65112);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-4965\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_name(\"SLES9: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python-mpz\", rpm:\"python-mpz~2.3.3~88.20\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:51", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4965"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65960", "href": "http://plugins.openvas.org/nasl.php?oid=65960", "sourceData": "#\n#VID slesp1-python-4902\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python\n python-curses\n python-demo\n python-devel\n python-doc\n python-doc-pdf\n python-gdbm\n python-idle\n python-tk\n python-xml\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65960);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2007-4965\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_name(\"SLES10: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-curses\", rpm:\"python-curses~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-demo\", rpm:\"python-demo~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-doc\", rpm:\"python-doc~2.4.2~18.10\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-doc-pdf\", rpm:\"python-doc-pdf~2.4.2~18.10\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-gdbm\", rpm:\"python-gdbm~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-idle\", rpm:\"python-idle~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-tk\", rpm:\"python-tk~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xml\", rpm:\"python-xml~2.4.2~18.13\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:45", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for python MDVSA-2008:013 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4965"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830625", "href": "http://plugins.openvas.org/nasl.php?oid=830625", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for python MDVSA-2008:013 (python)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows were found in python's imageop module.\n If an application written in python used the imageop module to\n process untrusted images, it could cause the application to crash,\n enter an infinite loop, or possibly execute arbitrary code with the\n privileges of the python interpreter.\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"python on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-01/msg00024.php\");\n script_id(830625);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:013\");\n script_cve_id(\"CVE-2007-4965\");\n script_name( \"Mandriva Update for python MDVSA-2008:013 (python)\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5~4.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.4\", rpm:\"libpython2.4~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.4-devel\", rpm:\"libpython2.4-devel~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.4\", rpm:\"lib64python2.4~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.4-devel\", rpm:\"lib64python2.4-devel~2.4.3~3.3mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.1~5.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:24", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python-mpz\n python-tk\n python-curses\n python-demo\n python-doc-pdf\n python-gdbm\n python\n python-idle\n python-devel\n python-xml\n python-doc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021835 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for Python", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4965"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065112", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065112", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021835.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python-mpz\n python-tk\n python-curses\n python-demo\n python-doc-pdf\n python-gdbm\n python\n python-idle\n python-devel\n python-xml\n python-doc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021835 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65112\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-4965\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_name(\"SLES9: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python-mpz\", rpm:\"python-mpz~2.3.3~88.20\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-11-13T20:25:13", "description": "This host has Python installed and is prone to buffer overflow\n vulnerability.", "cvss3": {}, "published": "2008-11-11T00:00:00", "type": "openvas", "title": "Python Imageop Module imageop.crop() BOF Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864"], "modified": "2019-11-12T00:00:00", "id": "OPENVAS:1361412562310800052", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800052", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Python Imageop Module imageop.crop() BOF Vulnerability (Windows)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:python:python\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800052\");\n script_version(\"2019-11-12T13:34:01+0000\");\n script_cve_id(\"CVE-2008-4864\");\n script_bugtraq_id(31976);\n script_tag(name:\"last_modification\", value:\"2019-11-12 13:34:01 +0000 (Tue, 12 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2008-11-11 09:00:11 +0100 (Tue, 11 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Python Imageop Module imageop.crop() BOF Vulnerability (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_python_detect_win.nasl\");\n script_mandatory_keys(\"python/win/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.python.org/\");\n\n script_tag(name:\"impact\", value:\"Remote exploitation will allow execution of arbitrary code via large number\n of integer values to crop module, which leads to a buffer overflow\n (Segmentation fault).\");\n\n script_tag(name:\"affected\", value:\"Python 1.5.2 to 2.5.1 on Windows\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due the the way module imageop.crop() handles the arguments\n as input in imageop.c file.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Python 2.5.2 or later.\");\n\n script_tag(name:\"summary\", value:\"This host has Python installed and is prone to buffer overflow\n vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_in_range( version:vers, test_version:\"1.5.2\", test_version2:\"2.5.1\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.5.2\", install_path:path );\n security_message( port:0, data:report );\n}\n\nexit( 0 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:10:15", "description": "This host has Python installed and is prone to buffer overflow\n vulnerability.", "cvss3": {}, "published": "2008-11-11T00:00:00", "type": "openvas", "title": "Python Imageop Module imageop.crop() BOF Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:800052", "href": "http://plugins.openvas.org/nasl.php?oid=800052", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_python_imageop_bof_vuln_win.nasl 5370 2017-02-20 15:24:26Z cfi $\n#\n# Python Imageop Module imageop.crop() BOF Vulnerability (Windows)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Remote exploitation will allow execution of arbitrary code via large number\n of integer values to crop module, which leads to a buffer overflow\n (Segmentation fault).\n Impact Level: Application\";\ntag_affected = \"Python 1.5.2 to 2.5.1 on Windows\";\ntag_insight = \"The flaw exists due the the way module imageop.crop() handles the arguments\n as input in imageop.c file.\";\ntag_solution = \"Upgrade to Python 2.5.2\n http://www.python.org/\";\ntag_summary = \"This host has Python installed and is prone to buffer overflow\n vulnerability.\";\n\nif(description)\n{\n script_id(800052);\n script_version(\"$Revision: 5370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 16:24:26 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-11 09:00:11 +0100 (Tue, 11 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2008-4864\");\n script_bugtraq_id(31976);\n script_name(\"Python Imageop Module imageop.crop() BOF Vulnerability (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!(get_kb_item(\"SMB/WindowsVersion\"))){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\";\n\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nforeach entry (registry_enum_keys(key:key))\n{\n pyName = registry_get_sz(key:key + entry, item:\"DisplayName\");\n if(\"Python\" >< pyName)\n {\n pyVer = eregmatch(pattern:\"[0-9.]+\", string:pyName);\n if(pyVer != NULL)\n {\n if(version_in_range(version:pyVer[0], test_version:\"1.5.2\",\n test_version2:\"2.5.1\")){\n security_message(0);\n }\n }\n exit(0);\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:38", "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-16.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-16 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5031"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064438", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064438", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in Python have an unspecified impact.\";\ntag_solution = \"All Python 2.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.5.4-r2'\n\nAll Python 2.4 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-16\nhttp://bugs.gentoo.org/show_bug.cgi?id=246991\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200907-16.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64438\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200907-16 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.5.4-r2\", \"rge 2.4.6\"), vulnerable: make_list(\"lt 2.5.4-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:13", "description": "The remote host is missing updates announced in\nadvisory GLSA 200907-16.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200907-16 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5031"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:64438", "href": "http://plugins.openvas.org/nasl.php?oid=64438", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple integer overflows in Python have an unspecified impact.\";\ntag_solution = \"All Python 2.5 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.5.4-r2'\n\nAll Python 2.4 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.6'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200907-16\nhttp://bugs.gentoo.org/show_bug.cgi?id=246991\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200907-16.\";\n\n \n \n\nif(description)\n{\n script_id(64438);\n script_version(\"$Revision: 6595 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:19:55 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2008-5031\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200907-16 (python)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.5.4-r2\", \"rge 2.4.6\"), vulnerable: make_list(\"lt 2.5.4-r2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:11", "description": "This host has Python installed and is prone to integer overflow\n vulnerability.", "cvss3": {}, "published": "2008-11-14T00:00:00", "type": "openvas", "title": "Python Multiple Integer Overflow Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5031"], "modified": "2017-02-20T00:00:00", "id": "OPENVAS:800056", "href": "http://plugins.openvas.org/nasl.php?oid=800056", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_python_intgr_overflow_vuln_win.nasl 5370 2017-02-20 15:24:26Z cfi $\n#\n# Python Multiple Integer Overflow Vulnerabilities (Windows)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Remote exploitation will allow execution of arbitrary code via large number\n of integer values to modules.\n Impact Level: Application\";\ntag_affected = \"Python 2.5.2 on Windows.\";\ntag_insight = \"The flaw exists due the the way it handles large integer values in the\n tabsize arguments as input to expandtabs methods (string_expandtabs and\n nicode_expandtabs) in stringobject.c and unicodeobject.c.\";\ntag_solution = \"Upgrade to Python 2.5.5 or later.\n For updates refer to http://www.python.org/\";\ntag_summary = \"This host has Python installed and is prone to integer overflow\n vulnerability.\";\n\nif(description)\n{\n script_id(800056);\n script_version(\"$Revision: 5370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 16:24:26 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-14 10:43:16 +0100 (Fri, 14 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5031\");\n script_name(\"Python Multiple Integer Overflow Vulnerabilities (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!(get_kb_item(\"SMB/WindowsVersion\"))){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\";\n\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nforeach entry (registry_enum_keys(key:key))\n{\n pyName = registry_get_sz(key:key + entry, item:\"DisplayName\");\n if(\"Python\" >< pyName)\n {\n pyVer = eregmatch(pattern:\"[0-9.]+\", string:pyName);\n if(pyVer != NULL)\n {\n if(version_is_equal(version:pyVer[0], test_version:\"2.5.2\")){\n security_message(0);\n }\n }\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-11-13T20:25:15", "description": "This host has Python installed and is prone to integer overflow\n vulnerability.", "cvss3": {}, "published": "2008-11-14T00:00:00", "type": "openvas", "title": "Python Multiple Integer Overflow Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-5031"], "modified": "2019-11-12T00:00:00", "id": "OPENVAS:1361412562310800056", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800056", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Python Multiple Integer Overflow Vulnerabilities (Windows)\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:python:python\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800056\");\n script_version(\"2019-11-12T13:34:01+0000\");\n script_cve_id(\"CVE-2008-5031\");\n script_tag(name:\"last_modification\", value:\"2019-11-12 13:34:01 +0000 (Tue, 12 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2008-11-14 10:43:16 +0100 (Fri, 14 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Python Multiple Integer Overflow Vulnerabilities (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_python_detect_win.nasl\");\n script_mandatory_keys(\"python/win/detected\");\n\n script_xref(name:\"URL\", value:\"http://www.python.org/\");\n\n script_tag(name:\"impact\", value:\"Remote exploitation will allow execution of arbitrary code via large number\n of integer values to modules.\");\n\n script_tag(name:\"affected\", value:\"Python 2.5.2 on Windows.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due the the way it handles large integer values in the\n tabsize arguments as input to expandtabs methods (string_expandtabs and\n nicode_expandtabs) in stringobject.c and unicodeobject.c.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Python 2.5.5 or later.\");\n\n script_tag(name:\"summary\", value:\"This host has Python installed and is prone to integer overflow\n vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_less_equal( version:vers, test_version:\"2.5.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"2.5.5\", install_path:path );\n security_message( port:0, data:report );\n}\n\nexit( 0 );\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-09T11:38:35", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for python MDVSA-2008:085 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310830590", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830590", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for python MDVSA-2008:085 (python)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Integer signedness error in the zlib extension module in Python 2.5.2\n and earlier allows remote attackers to execute arbitrary code via a\n negative signed integer, which triggers insufficient memory allocation\n and a buffer overflow.\n\n The updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"python on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-04/msg00006.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830590\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:085\");\n script_cve_id(\"CVE-2008-1721\");\n script_name( \"Mandriva Update for python MDVSA-2008:085 (python)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:12", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2008-09-04T00:00:00", "type": "openvas", "title": "FreeBSD Ports: python23", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721"], "modified": "2016-09-28T00:00:00", "id": "OPENVAS:60890", "href": "http://plugins.openvas.org/nasl.php?oid=60890", "sourceData": "#\n#VID ec41c3e2-129c-11dd-bab7-0016179b2dd5\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n python23\n python24\n python25\n\nCVE-2008-1721\nInteger signedness error in the zlib extension module in Python 2.5.2\nand earlier allows remote attackers to execute arbitrary code via a\nnegative signed integer, which triggers insufficient memory allocation\nand a buffer overflow.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://securityreason.com/securityalert/3802\nhttp://bugs.python.org/issue2586\nhttp://www.vuxml.org/freebsd/ec41c3e2-129c-11dd-bab7-0016179b2dd5.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(60890);\n script_version(\"$Revision: 4164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-28 09:03:16 +0200 (Wed, 28 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2008-1721\");\n script_bugtraq_id(28715);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: python23\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"python23\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.3.6_1\")<0) {\n txt += 'Package python23 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"python24\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.4.5_1\")<0) {\n txt += 'Package python24 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"python25\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5.2_2\")<0) {\n txt += 'Package python25 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:03", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-04-09T00:00:00", "type": "openvas", "title": "Mandriva Update for python MDVSA-2008:085 (python)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1721"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:830590", "href": "http://plugins.openvas.org/nasl.php?oid=830590", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for python MDVSA-2008:085 (python)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Integer signedness error in the zlib extension module in Python 2.5.2\n and earlier allows remote attackers to execute arbitrary code via a\n negative signed integer, which triggers insufficient memory allocation\n and a buffer overflow.\n\n The updated packages have been patched to prevent this issue.\";\n\ntag_affected = \"python on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-04/msg00006.php\");\n script_id(830590);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:085\");\n script_cve_id(\"CVE-2008-1721\");\n script_name( \"Mandriva Update for python MDVSA-2008:085 (python)\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5~4.3mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.1~5.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter-apps\", rpm:\"tkinter-apps~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5.2~2.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:31", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for python RHSA-2007:1077-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2006-7228"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310870189", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870189", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2007:1077-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated, which\n could possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00004.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870189\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2007:1077-01\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\");\n script_name( \"RedHat Update for python RHSA-2007:1077-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:37", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for python CESA-2007:1077-01 centos2 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2006-7228"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880319", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880319", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2007:1077-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated, which\n could possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014500.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880319\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1077-01\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\");\n script_name( \"CentOS Update for python CESA-2007:1077-01 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:59", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-03-06T00:00:00", "type": "openvas", "title": "RedHat Update for python RHSA-2007:1077-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2006-7228"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:870189", "href": "http://plugins.openvas.org/nasl.php?oid=870189", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2007:1077-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated, which\n could possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00004.html\");\n script_id(870189);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2007:1077-01\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\");\n script_name( \"RedHat Update for python RHSA-2007:1077-01\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:47", "description": "Check for the Version of python", "cvss3": {}, "published": "2009-02-27T00:00:00", "type": "openvas", "title": "CentOS Update for python CESA-2007:1077-01 centos2 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2006-7228"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880319", "href": "http://plugins.openvas.org/nasl.php?oid=880319", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2007:1077-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated, which\n could possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014500.html\");\n script_id(880319);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1077-01\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\");\n script_name( \"CentOS Update for python CESA-2007:1077-01 centos2 i386\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2021-10-21T04:46:43", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to disclose sensitive information, crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored in\nthe memory of a Python application using this function. (CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-27T00:00:00", "type": "redhat", "title": "(RHSA-2009:1176) Moderate: python security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2017-09-08T08:10:58", "id": "RHSA-2009:1176", "href": "https://access.redhat.com/errata/RHSA-2009:1176", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:45:21", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-27T00:00:00", "type": "redhat", "title": "(RHSA-2009:1177) Moderate: python security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2017-09-08T07:50:33", "id": "RHSA-2009:1177", "href": "https://access.redhat.com/errata/RHSA-2009:1177", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:46:10", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to crash or, potentially, execute arbitrary\ncode with the Python interpreter's privileges. (CVE-2008-1679,\nCVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-07-27T00:00:00", "type": "redhat", "title": "(RHSA-2009:1178) Moderate: python security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2018-05-26T00:26:17", "id": "RHSA-2009:1178", "href": "https://access.redhat.com/errata/RHSA-2009:1178", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:44:12", "description": "Python is an interpreted, interactive, object-oriented programming\r\nlanguage.\r\n\r\nAn integer overflow flaw was discovered in the way Python's pcre module\r\nhandled certain regular expressions. If a Python application used the pcre\r\nmodule to compile and execute untrusted regular expressions, it may be\r\npossible to cause the application to crash, or allow arbitrary code\r\nexecution with the privileges of the Python interpreter. (CVE-2006-7228)\r\n\r\nA flaw was discovered in the strxfrm() function of Python's locale module.\r\nStrings generated by this function were not properly NULL-terminated. This\r\nmay possibly cause disclosure of data stored in the memory of a Python\r\napplication using this function. (CVE-2007-2052)\r\n\r\nMultiple integer overflow flaws were discovered in Python's imageop module.\r\nIf an application written in Python used the imageop module to process\r\nuntrusted images, it could cause the application to crash, enter an\r\ninfinite loop, or possibly execute arbitrary code with the privileges of\r\nthe Python interpreter. (CVE-2007-4965)\r\n\r\nUsers of Python are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "cvss3": {}, "published": "2007-12-10T00:00:00", "type": "redhat", "title": "(RHSA-2007:1076) Moderate: python security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7228", "CVE-2007-2052", "CVE-2007-4965"], "modified": "2017-09-08T08:13:48", "id": "RHSA-2007:1076", "href": "https://access.redhat.com/errata/RHSA-2007:1076", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:45:46", "description": "Python is an interpreted, interactive, object-oriented programming\r\nlanguage.\r\n\r\nAn integer overflow flaw was discovered in the way Python's pcre module\r\nhandled certain regular expressions. If a Python application used the pcre\r\nmodule to compile and execute untrusted regular expressions, it may be\r\npossible to cause the application to crash, or allow arbitrary code\r\nexecution with the privileges of the Python interpreter. (CVE-2006-7228)\r\n\r\nA flaw was discovered in the strxfrm() function of Python's locale module.\r\nStrings generated by this function were not properly NULL-terminated, which\r\ncould possibly cause disclosure of data stored in the memory of a Python\r\napplication using this function. (CVE-2007-2052)\r\n\r\nUsers of Python are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "cvss3": {}, "published": "2007-12-10T00:00:00", "type": "redhat", "title": "(RHSA-2007:1077) Moderate: python security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-7228", "CVE-2007-2052"], "modified": "2018-03-14T15:26:10", "id": "RHSA-2007:1077", "href": "https://access.redhat.com/errata/RHSA-2007:1077", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:25", "description": "[2.4.3-24.el5_3.6]\n- Fix all of the low priority security bugs:\n- Resolves: rhbz#486351\n- Multiple integer overflows in python core (CVE-2008-2315)\n- Resolves: 455008\n- PyString_FromStringAndSize does not check for negative size values (CVE-2008-1887)\n- Resolves: 443810\n- Multiple integer overflows discovered by Google (CVE-2008-3143)\n- Resolves: 455013\n- Multiple buffer overflows in unicode processing (CVE-2008-3142)\n- Resolves: 454990\n- Potential integer underflow and overflow in the PyOS_vsnprintf C API function (CVE-2008-3144)\n- Resolves: 455018\n- imageop module multiple integer overflows (CVE-2008-4864)\n- Resolves: 469656\n- stringobject, unicodeobject integer overflows (CVE-2008-5031) \n- Resolves: 470915\n- integer signedness error in the zlib extension module (CVE-2008-1721)\n- Resolves: 442005\n- off-by-one locale.strxfrm() (possible memory disclosure) (CVE-2007-2052)\n- Resolves: 235093\n- imageop module heap corruption (CVE-2007-4965)\n- Resolves: 295971 ", "cvss3": {}, "published": "2009-07-27T00:00:00", "type": "oraclelinux", "title": "python security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2009-07-27T00:00:00", "id": "ELSA-2009-1176", "href": "http://linux.oracle.com/errata/ELSA-2009-1176.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:40", "description": "[2.3.4-14.7.el4_8.2]\n- Fix all of the low priority security bugs:\n- Resolves: rhbz#486329\n- Multiple integer overflows in python core (CVE-2008-2315)\n- Resolves: 455008 \n- PyString_FromStringAndSize does not check for negative size values (CVE-2008-1887)\n- Resolves: 443810\n- Multiple integer overflows discovered by Google (CVE-2008-3143)\n- Resolves: 455013 \n- Multiple buffer overflows in unicode processing (CVE-2008-3142)\n- Resolves: 454990\n- Potential integer underflow and overflow in the PyOS_vsnprintf C API function (CVE-2008-3144)\n- Resolves: 455018\n- imageop module multiple integer overflows (CVE-2008-4864)\n- Resolves: 469656\n- stringobject, unicodeobject integer overflows (CVE-2008-5031)\n- Resolves: 470915\n- integer signedness error in the zlib extension module (CVE-2008-1721)\n- Resolves: 442005\n- imageop module integer overflows (CVE-2008-1679)\n- CVE-2008-1679 patch is part of python-2.3.4-CVE-2008-4864-imageop-{1,2}.patch\n- Resolves: 441306 ", "cvss3": {}, "published": "2009-07-27T00:00:00", "type": "oraclelinux", "title": "python security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2009-07-27T00:00:00", "id": "ELSA-2009-1177", "href": "http://linux.oracle.com/errata/ELSA-2009-1177.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:57", "description": "[2.2.3-6.11]\n- Fix all of the low priority security bugs:\n- Resolves: rhbz#486114\n- Multiple integer overflows in python core (CVE-2008-2315)\n- Resolves: 455008\n- PyString_FromStringAndSize does not check for negative size values (CVE-2008-1887)\n- Resolves: 443810\n- Multiple integer overflows discovered by Google (CVE-2008-3143) \n- Resolves: 455013\n- Multiple buffer overflows in unicode processing (CVE-2008-3142)\n- Resolves: 454990\n- Potential integer underflow and overflow in the PyOS_vsnprintf C API function (CVE-2008-3144)\n- Resolves: 455018\n- imageop module multiple integer overflows (CVE-2008-4864)\n- Resolves: 469656\n- stringobject, unicodeobject integer overflows (CVE-2008-5031)\n- Resolves: 470915\n- imageop module integer overflows (CVE-2008-1679)\n- CVE-2008-1679 patch is part of python-2.2.3-CVE-2008-4864-imageop-1.patch\n- Resolves: 441306", "cvss3": {}, "published": "2009-07-27T00:00:00", "type": "oraclelinux", "title": "python security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2008-3143", "CVE-2008-4864", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1679", "CVE-2008-1887", "CVE-2008-5031"], "modified": "2009-07-27T00:00:00", "id": "ELSA-2009-1178", "href": "http://linux.oracle.com/errata/ELSA-2009-1178.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:14", "description": " [2.2.3-6.8]\n \n - Fix possible integer overflow in image ops\n - Fix off by one strxfrm malloc\n - Fix pypcre bugs\n - Resolves: 392031 ", "cvss3": {}, "published": "2007-12-10T00:00:00", "type": "oraclelinux", "title": "Moderate: python security update ", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "modified": "2007-12-10T00:00:00", "id": "ELSA-2007-1076", "href": "http://linux.oracle.com/errata/ELSA-2007-1076.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T14:26:01", "description": "When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function.\n(CVE-2007-2052)\n\nWould like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-2315 issue.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : python for SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090727_PYTHON_FOR_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60622", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60622);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n\n script_name(english:\"Scientific Linux Security Update : python for SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to disclose sensitive\ninformation, crash or, potentially, execute arbitrary code with the\nPython interpreter's privileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored\nin the memory of a Python application using this function.\n(CVE-2007-2052)\n\nWould like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-2315 issue.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0907&L=scientific-linux-errata&T=0&P=2031\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?28d7c465\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"python-2.4.3-24.el5_3.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"python-devel-2.4.3-24.el5_3.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"python-tools-2.4.3-24.el5_3.6\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tkinter-2.4.3-24.el5_3.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T15:44:08", "description": "Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function.\n(CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2010-01-06T00:00:00", "type": "nessus", "title": "CentOS 5 : python (CESA-2009:1176)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:python", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python-tools", "p-cpe:/a:centos:centos:tkinter", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2009-1176.NASL", "href": "https://www.tenable.com/plugins/nessus/43771", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1176 and \n# CentOS Errata and Security Advisory 2009:1176 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43771);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_bugtraq_id(25696, 28715, 28749, 30491, 31932, 31976, 33187);\n script_xref(name:\"RHSA\", value:\"2009:1176\");\n\n script_name(english:\"CentOS 5 : python (CESA-2009:1176)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to disclose sensitive\ninformation, crash or, potentially, execute arbitrary code with the\nPython interpreter's privileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored\nin the memory of a Python application using this function.\n(CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security\nteam for responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-July/016050.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0d8b6fa\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-July/016051.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?35d535d9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"python-2.4.3-24.el5_3.6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"python-devel-2.4.3-24.el5_3.6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"python-tools-2.4.3-24.el5_3.6\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tkinter-2.4.3-24.el5_3.6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-tools / tkinter\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:25:45", "description": "From Red Hat Security Advisory 2009:1176 :\n\nUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function.\n(CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : python (ELSA-2009-1176)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:python", "p-cpe:/a:oracle:linux:python-devel", "p-cpe:/a:oracle:linux:python-tools", "p-cpe:/a:oracle:linux:tkinter", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2009-1176.NASL", "href": "https://www.tenable.com/plugins/nessus/67896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1176 and \n# Oracle Linux Security Advisory ELSA-2009-1176 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67896);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_bugtraq_id(25696, 28715, 28749, 30491, 31932, 31976, 33187);\n script_xref(name:\"RHSA\", value:\"2009:1176\");\n\n script_name(english:\"Oracle Linux 5 : python (ELSA-2009-1176)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1176 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to disclose sensitive\ninformation, crash or, potentially, execute arbitrary code with the\nPython interpreter's privileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored\nin the memory of a Python application using this function.\n(CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security\nteam for responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-July/001090.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"python-2.4.3-24.el5_3.6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"python-devel-2.4.3-24.el5_3.6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"python-tools-2.4.3-24.el5_3.6\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tkinter-2.4.3-24.el5_3.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-tools / tkinter\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:43", "description": "Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function.\n(CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2009-07-28T00:00:00", "type": "nessus", "title": "RHEL 5 : python (RHSA-2009:1176)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python", "p-cpe:/a:redhat:enterprise_linux:python-devel", "p-cpe:/a:redhat:enterprise_linux:python-tools", "p-cpe:/a:redhat:enterprise_linux:tkinter", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-1176.NASL", "href": "https://www.tenable.com/plugins/nessus/40400", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1176. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40400);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_bugtraq_id(25696, 28715, 28749, 30491, 31932, 31976, 33187);\n script_xref(name:\"RHSA\", value:\"2009:1176\");\n\n script_name(english:\"RHEL 5 : python (RHSA-2009:1176)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to disclose sensitive\ninformation, crash or, potentially, execute arbitrary code with the\nPython interpreter's privileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored\nin the memory of a Python application using this function.\n(CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security\nteam for responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1176\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1176\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"python-2.4.3-24.el5_3.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"python-2.4.3-24.el5_3.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"python-2.4.3-24.el5_3.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"python-devel-2.4.3-24.el5_3.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"python-tools-2.4.3-24.el5_3.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"python-tools-2.4.3-24.el5_3.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"python-tools-2.4.3-24.el5_3.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tkinter-2.4.3-24.el5_3.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tkinter-2.4.3-24.el5_3.6\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tkinter-2.4.3-24.el5_3.6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-tools / tkinter\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:38:59", "description": "From Red Hat Security Advisory 2009:1177 :\n\nUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 : python (ELSA-2009-1177)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:python", "p-cpe:/a:oracle:linux:python-devel", "p-cpe:/a:oracle:linux:python-docs", "p-cpe:/a:oracle:linux:python-tools", "p-cpe:/a:oracle:linux:tkinter", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2009-1177.NASL", "href": "https://www.tenable.com/plugins/nessus/67897", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1177 and \n# Oracle Linux Security Advisory ELSA-2009-1177 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67897);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_bugtraq_id(28715, 28749, 30491, 31932, 31976, 33187);\n script_xref(name:\"RHSA\", value:\"2009:1177\");\n\n script_name(english:\"Oracle Linux 4 : python (ELSA-2009-1177)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1177 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security\nteam for responsibly reporting the CVE-2008-1679 and CVE-2008-2315\nissues.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-July/001091.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"python-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"python-devel-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"python-docs-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"python-tools-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"tkinter-2.3.4-14.7.el4_8.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:43", "description": "Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2009-07-28T00:00:00", "type": "nessus", "title": "RHEL 4 : python (RHSA-2009:1177)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python", "p-cpe:/a:redhat:enterprise_linux:python-devel", "p-cpe:/a:redhat:enterprise_linux:python-docs", "p-cpe:/a:redhat:enterprise_linux:python-tools", "p-cpe:/a:redhat:enterprise_linux:tkinter", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8"], "id": "REDHAT-RHSA-2009-1177.NASL", "href": "https://www.tenable.com/plugins/nessus/40401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1177. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40401);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_bugtraq_id(28715, 28749, 30491, 31932, 31976, 33187);\n script_xref(name:\"RHSA\", value:\"2009:1177\");\n\n script_name(english:\"RHEL 4 : python (RHSA-2009:1177)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nRed Hat would like to thank David Remahl of the Apple Product Security\nteam for responsibly reporting the CVE-2008-1679 and CVE-2008-2315\nissues.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1177\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1177\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"python-2.3.4-14.7.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-devel-2.3.4-14.7.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-docs-2.3.4-14.7.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-tools-2.3.4-14.7.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"tkinter-2.3.4-14.7.el4_8.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:42", "description": "When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nWould like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : python for SL 4.x on i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090728_PYTHON_FOR_SL_4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60625", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60625);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n\n script_name(english:\"Scientific Linux Security Update : python for SL 4.x on i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it\ncould cause the application to crash or, potentially, execute\narbitrary code with the Python interpreter's privileges.\n(CVE-2008-1721)\n\nWould like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0907&L=scientific-linux-errata&T=0&P=2154\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8536e4cc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"python-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"python-devel-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"python-docs-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"python-tools-2.3.4-14.7.el4_8.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"tkinter-2.3.4-14.7.el4_8.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:38:54", "description": "From Red Hat Security Advisory 2009:1178 :\n\nUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 3 : python (ELSA-2009-1178)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:python", "p-cpe:/a:oracle:linux:python-devel", "p-cpe:/a:oracle:linux:python-tools", "p-cpe:/a:oracle:linux:tkinter", "cpe:/o:oracle:linux:3"], "id": "ORACLELINUX_ELSA-2009-1178.NASL", "href": "https://www.tenable.com/plugins/nessus/67898", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1178 and \n# Oracle Linux Security Advisory ELSA-2009-1178 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67898);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_bugtraq_id(28715, 28749, 30491, 31932, 31976, 33187);\n script_xref(name:\"RHSA\", value:\"2009:1178\");\n\n script_name(english:\"Oracle Linux 3 : python (ELSA-2009-1178)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1178 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security\nteam for responsibly reporting the CVE-2008-1679 and CVE-2008-2315\nissues.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-July/001092.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"python-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"python-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"python-devel-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"python-devel-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"python-tools-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"python-tools-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"tkinter-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"tkinter-2.2.3-6.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-tools / tkinter\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:20:27", "description": "Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2009-07-28T00:00:00", "type": "nessus", "title": "CentOS 3 : python (CESA-2009:1178)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:python", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python-docs", "p-cpe:/a:centos:centos:python-tools", "p-cpe:/a:centos:centos:tkinter", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2009-1178.NASL", "href": "https://www.tenable.com/plugins/nessus/40394", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1178 and \n# CentOS Errata and Security Advisory 2009:1178 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40394);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_bugtraq_id(28715, 28749, 30491, 31932, 31976, 33187);\n script_xref(name:\"RHSA\", value:\"2009:1178\");\n\n script_name(english:\"CentOS 3 : python (CESA-2009:1178)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security\nteam for responsibly reporting the CVE-2008-1679 and CVE-2008-2315\nissues.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-July/016040.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe2ccaf6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-July/016041.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dfc5e7af\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"python-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"python-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"python-devel-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"python-devel-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"python-docs-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"python-docs-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"python-tools-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"python-tools-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"tkinter-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"tkinter-2.2.3-6.11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:43", "description": "Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\n\nAll Python users should upgrade to these updated packages, which contain backported patches to correct these issues.", "cvss3": {}, "published": "2009-07-28T00:00:00", "type": "nessus", "title": "RHEL 3 : python (RHSA-2009:1178)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python", "p-cpe:/a:redhat:enterprise_linux:python-devel", "p-cpe:/a:redhat:enterprise_linux:python-tools", "p-cpe:/a:redhat:enterprise_linux:tkinter", "cpe:/o:redhat:enterprise_linux:3"], "id": "REDHAT-RHSA-2009-1178.NASL", "href": "https://www.tenable.com/plugins/nessus/40402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1178. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40402);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_bugtraq_id(28715, 28749, 30491, 31932, 31976, 33187);\n script_xref(name:\"RHSA\", value:\"2009:1178\");\n\n script_name(english:\"RHEL 3 : python (RHSA-2009:1178)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nRed Hat would like to thank David Remahl of the Apple Product Security\nteam for responsibly reporting the CVE-2008-1679 and CVE-2008-2315\nissues.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-1887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-3144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-5031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1178\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1178\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"python-2.2.3-6.11\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"python-devel-2.2.3-6.11\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"python-tools-2.2.3-6.11\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"tkinter-2.2.3-6.11\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-tools / tkinter\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:15", "description": "When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)\n\nWould like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : python for SL 3.0.x on i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090728_PYTHON_FOR_SL_3_0_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60624", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60624);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n\n script_name(english:\"Scientific Linux Security Update : python for SL 3.0.x on i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When the assert() system call was disabled, an input sanitization flaw\nwas revealed in the Python string object implementation that led to a\nbuffer overflow. The missing check for negative size values meant the\nPython memory allocator could allocate less memory than expected. This\ncould result in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python\nUnicode string processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial\nof service (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop\nmodule. If a Python application used the imageop module to process\nuntrusted images, it could cause the application to crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2008-1679, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws\nto cause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules.\nAn attacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nWould like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0907&L=scientific-linux-errata&T=0&P=2408\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?492e1514\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"python-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"python-devel-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"SL3\", cpu:\"i386\", reference:\"python-docs-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"python-tools-2.2.3-6.11\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"tkinter-2.2.3-6.11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:32", "description": "It was discovered that there were new integer overflows in the imageop module. If an attacker were able to trick a Python application into processing a specially crafted image, they could execute arbitrary code with user privileges. (CVE-2008-1679)\n\nJustin Ferguson discovered that the zlib module did not correctly handle certain archives. If an attacker were able to trick a Python application into processing a specially crafted archive file, they could execute arbitrary code with user privileges. (CVE-2008-1721)\n\nJustin Ferguson discovered that certain string manipulations in Python could be made to overflow. If an attacker were able to pass a specially crafted string through the PyString_FromStringAndSize function, they could execute arbitrary code with user privileges.\n(CVE-2008-1887)\n\nMultiple integer overflows were discovered in Python's core and modules including hashlib, binascii, pickle, md5, stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service.\n(CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-08-04T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : python2.4, python2.5 vulnerabilities (USN-632-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-5031"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:idle-python2.4", "p-cpe:/a:canonical:ubuntu_linux:idle-python2.5", "p-cpe:/a:canonical:ubuntu_linux:python2.4", "p-cpe:/a:canonical:ubuntu_linux:python2.4-dbg", "p-cpe:/a:canonical:ubuntu_linux:python2.4-dev", "p-cpe:/a:canonical:ubuntu_linux:python2.4-doc", "p-cpe:/a:canonical:ubuntu_linux:python2.4-examples", "p-cpe:/a:canonical:ubuntu_linux:python2.4-gdbm", "p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal", "p-cpe:/a:canonical:ubuntu_linux:python2.4-tk", "p-cpe:/a:canonical:ubuntu_linux:python2.5", "p-cpe:/a:canonical:ubuntu_linux:python2.5-dbg", "p-cpe:/a:canonical:ubuntu_linux:python2.5-dev", "p-cpe:/a:canonical:ubuntu_linux:python2.5-doc", "p-cpe:/a:canonical:ubuntu_linux:python2.5-examples", "p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-632-1.NASL", "href": "https://www.tenable.com/plugins/nessus/33807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-632-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33807);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-5031\");\n script_xref(name:\"USN\", value:\"632-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : python2.4, python2.5 vulnerabilities (USN-632-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there were new integer overflows in the imageop\nmodule. If an attacker were able to trick a Python application into\nprocessing a specially crafted image, they could execute arbitrary\ncode with user privileges. (CVE-2008-1679)\n\nJustin Ferguson discovered that the zlib module did not correctly\nhandle certain archives. If an attacker were able to trick a Python\napplication into processing a specially crafted archive file, they\ncould execute arbitrary code with user privileges. (CVE-2008-1721)\n\nJustin Ferguson discovered that certain string manipulations in Python\ncould be made to overflow. If an attacker were able to pass a\nspecially crafted string through the PyString_FromStringAndSize\nfunction, they could execute arbitrary code with user privileges.\n(CVE-2008-1887)\n\nMultiple integer overflows were discovered in Python's core and\nmodules including hashlib, binascii, pickle, md5, stringobject,\nunicodeobject, bufferobject, longobject, tupleobject, stropmodule,\ngcmodule, and mmapmodule. If an attacker were able to exploit these\nflaws they could execute arbitrary code with user privileges or cause\nPython applications to crash, leading to a denial of service.\n(CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143,\nCVE-2008-3144).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/632-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.04|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.04 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"idle-python2.4\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dev\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-doc\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-examples\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-gdbm\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-tk\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"idle-python2.5\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-dev\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-doc\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-examples\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"idle-python2.5\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-dev\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-doc\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-examples\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"idle-python2.4\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"idle-python2.5\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-dev\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-doc\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-examples\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-dev\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-doc\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-examples\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"idle-python2.4 / idle-python2.5 / python2.4 / python2.4-dbg / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:46:38", "description": "Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-2315 David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule modules.\n\n - CVE-2008-3142 Justin Ferguson discovered that incorrect memory allocation in the unicode_resize() function can lead to buffer overflows.\n\n - CVE-2008-3143 Several integer overflows were discovered in various Python core modules.\n\n - CVE-2008-3144 Several integer overflows were discovered in the PyOS_vsnprintf() function.", "cvss3": {}, "published": "2008-11-21T00:00:00", "type": "nessus", "title": "Debian DSA-1667-1 : python2.4 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python2.4", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1667.NASL", "href": "https://www.tenable.com/plugins/nessus/34823", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1667. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34823);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_xref(name:\"DSA\", value:\"1667\");\n\n script_name(english:\"Debian DSA-1667-1 : python2.4 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the interpreter for\nthe Python language. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2008-2315\n David Remahl discovered several integer overflows in the\n stringobject, unicodeobject, bufferobject, longobject,\n tupleobject, stropmodule, gcmodule, and mmapmodule\n modules.\n\n - CVE-2008-3142\n Justin Ferguson discovered that incorrect memory\n allocation in the unicode_resize() function can lead to\n buffer overflows.\n\n - CVE-2008-3143\n Several integer overflows were discovered in various\n Python core modules.\n\n - CVE-2008-3144\n Several integer overflows were discovered in the\n PyOS_vsnprintf() function.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1667\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the python2.4 packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"idle-python2.4\", reference:\"2.4.4-3+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4\", reference:\"2.4.4-3+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-dbg\", reference:\"2.4.4-3+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-dev\", reference:\"2.4.4-3+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-examples\", reference:\"2.4.4-3+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-minimal\", reference:\"2.4.4-3+etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:53", "description": "Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. (CVE-2008-4864)\n\nMultiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)\n\nThe updated Python packages have been patched to correct these issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : python (MDVSA-2009:003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4965", "CVE-2008-1679", "CVE-2008-2315", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64python2.5", "p-cpe:/a:mandriva:linux:lib64python2.5-devel", "p-cpe:/a:mandriva:linux:libpython2.5", "p-cpe:/a:mandriva:linux:libpython2.5-devel", "p-cpe:/a:mandriva:linux:python", "p-cpe:/a:mandriva:linux:python-base", "p-cpe:/a:mandriva:linux:python-docs", "p-cpe:/a:mandriva:linux:tkinter", "p-cpe:/a:mandriva:linux:tkinter-apps", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2009.0"], "id": "MANDRIVA_MDVSA-2009-003.NASL", "href": "https://www.tenable.com/plugins/nessus/36693", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:003. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36693);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-4864\", \"CVE-2008-5031\");\n script_bugtraq_id(31976);\n script_xref(name:\"MDVSA\", value:\"2009:003\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python (MDVSA-2009:003)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflows in imageop.c in the imageop module in\nPython 1.5.2 through 2.5.1 allow context-dependent attackers to break\nout of the Python VM and execute arbitrary code via large integer\nvalues in certain arguments to the crop function, leading to a buffer\noverflow, a different vulnerability than CVE-2007-4965 and\nCVE-2008-1679. (CVE-2008-4864)\n\nMultiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6,\nallow context-dependent attackers to have an unknown impact via a\nlarge integer value in the tabsize argument to the expandtabs method,\nas implemented by (1) the string_expandtabs function in\nObjects/stringobject.c and (2) the unicode_expandtabs function in\nObjects/unicodeobject.c. NOTE: this vulnerability reportedly exists\nbecause of an incomplete fix for CVE-2008-2315. (CVE-2008-5031)\n\nThe updated Python packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpython2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpython2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter-apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64python2.5-2.5.2-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64python2.5-devel-2.5.2-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpython2.5-2.5.2-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpython2.5-devel-2.5.2-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"python-2.5.2-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"python-base-2.5.2-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"python-docs-2.5.2-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tkinter-2.5.2-2.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tkinter-apps-2.5.2-2.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64python2.5-2.5.2-2.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64python2.5-devel-2.5.2-2.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libpython2.5-2.5.2-2.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libpython2.5-devel-2.5.2-2.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"python-2.5.2-2.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"python-base-2.5.2-2.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"python-docs-2.5.2-2.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tkinter-2.5.2-2.3mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tkinter-apps-2.5.2-2.3mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64python2.5-2.5.2-5.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64python2.5-devel-2.5.2-5.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpython2.5-2.5.2-5.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpython2.5-devel-2.5.2-5.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"python-2.5.2-5.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"python-base-2.5.2-5.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"python-docs-2.5.2-5.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tkinter-2.5.2-5.2mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"tkinter-apps-2.5.2-5.2mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:47", "description": "Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-2052 Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure.\n\n - CVE-2007-4965 It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch.\n\n - CVE-2008-1721 Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code.\n\n - CVE-2008-1887 Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code.", "cvss3": {}, "published": "2008-04-22T00:00:00", "type": "nessus", "title": "Debian DSA-1551-1 : python2.4 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python2.4", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1551.NASL", "href": "https://www.tenable.com/plugins/nessus/32006", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1551. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(32006);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\");\n script_xref(name:\"DSA\", value:\"1551\");\n\n script_name(english:\"Debian DSA-1551-1 : python2.4 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the interpreter for\nthe Python language. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-2052\n Piotr Engelking discovered that the strxfrm() function\n of the locale module miscalculates the length of an\n internal buffer, which may result in a minor information\n disclosure.\n\n - CVE-2007-4965\n It was discovered that several integer overflows in the\n imageop module may lead to the execution of arbitrary\n code, if a user is tricked into processing malformed\n images. This issue is also tracked as CVE-2008-1679 due\n to an initially incomplete patch.\n\n - CVE-2008-1721\n Justin Ferguson discovered that a buffer overflow in the\n zlib module may lead to the execution of arbitrary code.\n\n - CVE-2008-1887\n Justin Ferguson discovered that insufficient input\n validation in PyString_FromStringAndSize() may lead to\n the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1551\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the python2.4 packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"idle-python2.4\", reference:\"2.4.4-3+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4\", reference:\"2.4.4-3+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-dbg\", reference:\"2.4.4-3+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-dev\", reference:\"2.4.4-3+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-examples\", reference:\"2.4.4-3+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-minimal\", reference:\"2.4.4-3+etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:07", "description": "Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-2052 Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure.\n\n - CVE-2007-4965 It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch.\n\n - CVE-2008-1721 Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code.\n\n - CVE-2008-1887 Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code.", "cvss3": {}, "published": "2008-07-28T00:00:00", "type": "nessus", "title": "Debian DSA-1620-1 : python2.5 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python2.5", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1620.NASL", "href": "https://www.tenable.com/plugins/nessus/33740", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1620. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33740);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\", \"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\");\n script_bugtraq_id(25696, 28715, 28749);\n script_xref(name:\"DSA\", value:\"1620\");\n\n script_name(english:\"Debian DSA-1620-1 : python2.5 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the interpreter for\nthe Python language. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2007-2052\n Piotr Engelking discovered that the strxfrm() function\n of the locale module miscalculates the length of an\n internal buffer, which may result in a minor information\n disclosure.\n\n - CVE-2007-4965\n It was discovered that several integer overflows in the\n imageop module may lead to the execution of arbitrary\n code, if a user is tricked into processing malformed\n images. This issue is also tracked as CVE-2008-1679 due\n to an initially incomplete patch.\n\n - CVE-2008-1721\n Justin Ferguson discovered that a buffer overflow in the\n zlib module may lead to the execution of arbitrary code.\n\n - CVE-2008-1887\n Justin Ferguson discovered that insufficient input\n validation in PyString_FromStringAndSize() may lead to\n the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2007-4965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-1887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1620\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the python2.5 packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.5-5+etch1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"idle-python2.5\", reference:\"2.5-5+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.5\", reference:\"2.5-5+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.5-dbg\", reference:\"2.5-5+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.5-dev\", reference:\"2.5-5+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.5-examples\", reference:\"2.5-5+etch1\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.5-minimal\", reference:\"2.5-5+etch1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:17:08", "description": "It was discovered that Python incorrectly handled certain arguments in the imageop module. If an attacker were able to pass specially crafted arguments through the crop function, they could execute arbitrary code with user privileges. For Python 2.5, this issue only affected Ubuntu 8.04 LTS. (CVE-2008-4864)\n\nMultiple integer overflows were discovered in Python's stringobject and unicodeobject expandtabs method. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service. (CVE-2008-5031).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-07-24T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : python2.4, python2.5 vulnerabilities (USN-806-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2315", "CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:idle-python2.4", "p-cpe:/a:canonical:ubuntu_linux:idle-python2.5", "p-cpe:/a:canonical:ubuntu_linux:python2.4", "p-cpe:/a:canonical:ubuntu_linux:python2.4-dbg", "p-cpe:/a:canonical:ubuntu_linux:python2.4-dev", "p-cpe:/a:canonical:ubuntu_linux:python2.4-doc", "p-cpe:/a:canonical:ubuntu_linux:python2.4-examples", "p-cpe:/a:canonical:ubuntu_linux:python2.4-gdbm", "p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal", "p-cpe:/a:canonical:ubuntu_linux:python2.4-tk", "p-cpe:/a:canonical:ubuntu_linux:python2.5", "p-cpe:/a:canonical:ubuntu_linux:python2.5-dbg", "p-cpe:/a:canonical:ubuntu_linux:python2.5-dev", "p-cpe:/a:canonical:ubuntu_linux:python2.5-doc", "p-cpe:/a:canonical:ubuntu_linux:python2.5-examples", "p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-806-1.NASL", "href": "https://www.tenable.com/plugins/nessus/40361", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-806-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40361);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-4864\", \"CVE-2008-5031\");\n script_bugtraq_id(31932, 31976, 33187);\n script_xref(name:\"USN\", value:\"806-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : python2.4, python2.5 vulnerabilities (USN-806-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Python incorrectly handled certain arguments in\nthe imageop module. If an attacker were able to pass specially crafted\narguments through the crop function, they could execute arbitrary code\nwith user privileges. For Python 2.5, this issue only affected Ubuntu\n8.04 LTS. (CVE-2008-4864)\n\nMultiple integer overflows were discovered in Python's stringobject\nand unicodeobject expandtabs method. If an attacker were able to\nexploit these flaws they could execute arbitrary code with user\nprivileges or cause Python applications to crash, leading to a denial\nof service. (CVE-2008-5031).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/806-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"idle-python2.4\", pkgver:\"2.4.3-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4\", pkgver:\"2.4.3-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.3-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dev\", pkgver:\"2.4.3-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-doc\", pkgver:\"2.4.3-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-examples\", pkgver:\"2.4.3-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-gdbm\", pkgver:\"2.4.3-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.3-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-tk\", pkgver:\"2.4.3-0ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"idle-python2.4\", pkgver:\"2.4.5-1ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"idle-python2.5\", pkgver:\"2.5.2-2ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4\", pkgver:\"2.4.5-1ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.5-1ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-dev\", pkgver:\"2.4.5-1ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-doc\", pkgver:\"2.4.5-1ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-examples\", pkgver:\"2.4.5-1ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.5-1ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5\", pkgver:\"2.5.2-2ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.2-2ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-dev\", pkgver:\"2.5.2-2ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-doc\", pkgver:\"2.5.2-2ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-examples\", pkgver:\"2.5.2-2ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.2-2ubuntu6\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"idle-python2.4\", pkgver:\"2.4.5-5ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"python2.4\", pkgver:\"2.4.5-5ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.5-5ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"python2.4-dev\", pkgver:\"2.4.5-5ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"python2.4-doc\", pkgver:\"2.4.5-5ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"python2.4-examples\", pkgver:\"2.4.5-5ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.5-5ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"idle-python2.4 / idle-python2.5 / python2.4 / python2.4-dbg / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:20", "description": "Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows (CVE-2008-1679). This was due to an incomplete fix for CVE-2007-4965.\n\nDavid Remahl of Apple Product Security reported several integer overflows in a number of core modules (CVE-2008-2315). He also reported an integer overflow in the hashlib module on Python 2.5 that lead to unreliable cryptographic digest results (CVE-2008-2316).\n\nJustin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems (CVE-2008-3142).\n\nMultiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2 (CVE-2008-3143).\n\nJustin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption (CVE-2008-3144).\n\nThe updated packages have been patched to correct these issues. As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have been updated to version 2.5.2. Due to slight packaging changes on Mandriva Linux 2007.1, a new package is available (tkinter-apps) that contains binary files (such as /usr/bin/idle) that were previously in the tkinter package.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : python (MDVSA-2008:163)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4965", "CVE-2008-1679", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64python2.5", "p-cpe:/a:mandriva:linux:lib64python2.5-devel", "p-cpe:/a:mandriva:linux:libpython2.5", "p-cpe:/a:mandriva:linux:libpython2.5-devel", "p-cpe:/a:mandriva:linux:python", "p-cpe:/a:mandriva:linux:python-base", "p-cpe:/a:mandriva:linux:python-docs", "p-cpe:/a:mandriva:linux:tkinter", "p-cpe:/a:mandriva:linux:tkinter-apps", "cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2008.1"], "id": "MANDRIVA_MDVSA-2008-163.NASL", "href": "https://www.tenable.com/plugins/nessus/37212", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:163. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37212);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2008-1679\",\n \"CVE-2008-2315\",\n \"CVE-2008-2316\",\n \"CVE-2008-3142\",\n \"CVE-2008-3143\",\n \"CVE-2008-3144\"\n );\n script_bugtraq_id(\n 28715,\n 30491\n );\n script_xref(name:\"MDVSA\", value:\"2008:163\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python (MDVSA-2008:163)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflows in the imageop module in Python prior to\n2.5.3 allowed context-dependent attackers to cause a denial of service\n(crash) or possibly execute arbitrary code via crafted images that\ntrigger heap-based buffer overflows (CVE-2008-1679). This was due to\nan incomplete fix for CVE-2007-4965.\n\nDavid Remahl of Apple Product Security reported several integer\noverflows in a number of core modules (CVE-2008-2315). He also\nreported an integer overflow in the hashlib module on Python 2.5 that\nlead to unreliable cryptographic digest results (CVE-2008-2316).\n\nJustin Ferguson reported multiple buffer overflows in unicode string\nprocessing that affected 32bit systems (CVE-2008-3142).\n\nMultiple integer overflows were reported by the Google Security Team\nthat had been fixed in Python 2.5.2 (CVE-2008-3143).\n\nJustin Ferguson reported a number of integer overflows and underflows\nin the PyOS_vsnprintf() function, as well as an off-by-one error when\npassing zero-length strings, that led to memory corruption\n(CVE-2008-3144).\n\nThe updated packages have been patched to correct these issues. As\nwell, Python packages on Mandriva Linux 2007.1 and 2008.0 have been\nupdated to version 2.5.2. Due to slight packaging changes on Mandriva\nLinux 2007.1, a new package is available (tkinter-apps) that contains\nbinary files (such as /usr/bin/idle) that were previously in the\ntkinter package.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpython2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpython2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter-apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64python2.5-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64python2.5-devel-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libpython2.5-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libpython2.5-devel-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"python-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"python-base-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"python-docs-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tkinter-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tkinter-apps-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64python2.5-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64python2.5-devel-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpython2.5-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpython2.5-devel-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"python-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"python-base-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"python-docs-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tkinter-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tkinter-apps-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64python2.5-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64python2.5-devel-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libpython2.5-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libpython2.5-devel-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"python-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"python-base-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"python-docs-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tkinter-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tkinter-apps-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:37", "description": "This update of python fixes several security vulnerabilities.\n(CVE-2008-1679 / CVE-2008-1887 / CVE-2008-3143 / CVE-2008-3142 / CVE-2008-3144 / CVE-2008-2315 / CVE-2008-2316) Note: for SLE10 a non-security bug in mmap was fixed too.", "cvss3": {}, "published": "2008-08-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Python (ZYPP Patch Number 5490)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_PYTHON-5490.NASL", "href": "https://www.tenable.com/plugins/nessus/33923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33923);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n\n script_name(english:\"SuSE 10 Security Update : Python (ZYPP Patch Number 5490)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of python fixes several security vulnerabilities.\n(CVE-2008-1679 / CVE-2008-1887 / CVE-2008-3143 / CVE-2008-3142 /\nCVE-2008-3144 / CVE-2008-2315 / CVE-2008-2316) Note: for SLE10 a\nnon-security bug in mmap was fixed too.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1679.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1887.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2315.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2316.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3142.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3143.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3144.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5490.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-curses-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-devel-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-gdbm-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-tk-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-xml-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"python-32bit-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-curses-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-devel-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-gdbm-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-tk-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-xml-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"python-32bit-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-curses-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-demo-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-devel-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-doc-2.4.2-18.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-doc-pdf-2.4.2-18.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-gdbm-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-idle-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-tk-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-xml-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"python-32bit-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-curses-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-demo-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-devel-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-doc-2.4.2-18.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-doc-pdf-2.4.2-18.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-gdbm-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-idle-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-tk-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-xml-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"python-32bit-2.4.2-18.22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:44", "description": "This update of python fixes several security vulnerabilities.\n(CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)", "cvss3": {}, "published": "2008-08-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : python (python-5491)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python", "p-cpe:/a:novell:opensuse:python-32bit", "p-cpe:/a:novell:opensuse:python-curses", "p-cpe:/a:novell:opensuse:python-demo", "p-cpe:/a:novell:opensuse:python-devel", "p-cpe:/a:novell:opensuse:python-gdbm", "p-cpe:/a:novell:opensuse:python-idle", "p-cpe:/a:novell:opensuse:python-tk", "p-cpe:/a:novell:opensuse:python-xml", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_PYTHON-5491.NASL", "href": "https://www.tenable.com/plugins/nessus/33924", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update python-5491.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33924);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n\n script_name(english:\"openSUSE 10 Security Update : python (python-5491)\");\n script_summary(english:\"Check for the python-5491 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of python fixes several security vulnerabilities.\n(CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142,\nCVE-2008-3144, CVE-2008-2315, CVE-2008-2316)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-curses-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-demo-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-devel-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-gdbm-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-idle-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-tk-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-xml-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"python-32bit-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-curses-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-demo-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-devel-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-gdbm-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-idle-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-tk-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-xml-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"python-32bit-2.5.1-39.6\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:52", "description": "This update of python fixes several security vulnerabilities.\n(CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)", "cvss3": {}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : python (python-128)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python", "p-cpe:/a:novell:opensuse:python-32bit", "p-cpe:/a:novell:opensuse:python-curses", "p-cpe:/a:novell:opensuse:python-demo", "p-cpe:/a:novell:opensuse:python-devel", "p-cpe:/a:novell:opensuse:python-gdbm", "p-cpe:/a:novell:opensuse:python-idle", "p-cpe:/a:novell:opensuse:python-tk", "p-cpe:/a:novell:opensuse:python-xml", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_PYTHON-080801.NASL", "href": "https://www.tenable.com/plugins/nessus/40115", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update python-128.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40115);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n\n script_name(english:\"openSUSE Security Update : python (python-128)\");\n script_summary(english:\"Check for the python-128 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of python fixes several security vulnerabilities.\n(CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142,\nCVE-2008-3144, CVE-2008-2315, CVE-2008-2316)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=377090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=379121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=379534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=406051\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-curses-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-demo-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-devel-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-gdbm-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-idle-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-tk-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-xml-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"python-32bit-2.5.2-26.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:49", "description": "This update of python fixes several security vulnerabilities.\n(CVE-2008-1679 / CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)\n\nNote: for SLE10 a non-security bug in mmap was fixed too.", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Python (YOU Patch Number 12215)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12215.NASL", "href": "https://www.tenable.com/plugins/nessus/41229", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41229);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n\n script_name(english:\"SuSE9 Security Update : Python (YOU Patch Number 12215)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of python fixes several security vulnerabilities.\n(CVE-2008-1679 / CVE-2008-1887, CVE-2008-3143, CVE-2008-3142,\nCVE-2008-3144, CVE-2008-2315, CVE-2008-2316)\n\nNote: for SLE10 a non-security bug in mmap was fixed too.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1679.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1887.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2315.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2316.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3142.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3143.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3144.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12215.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"python-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-curses-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-demo-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-devel-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-doc-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-doc-pdf-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-gdbm-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-idle-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-mpz-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-tk-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-xml-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"python-32bit-9-200808010009\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:16", "description": "The remote host is affected by the vulnerability described in GLSA-200807-16 (Python: Multiple vulnerabilities)\n\n Multiple vulnerabilities were discovered in Python:\n David Remahl of Apple Product Security reported several integer overflows in core modules such as stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule (CVE-2008-2315).\n David Remahl of Apple Product Security also reported an integer overflow in the hashlib module, leading to unreliable cryptographic digest results (CVE-2008-2316).\n Justin Ferguson reported multiple buffer overflows in unicode string processing that only affect 32bit systems (CVE-2008-3142).\n The Google Security Team reported multiple integer overflows (CVE-2008-3143).\n Justin Ferguson reported multiple integer underflows and overflows in the PyOS_vsnprintf() function, and an off-by-one error when passing zero-length strings, leading to memory corruption (CVE-2008-3144).\n Impact :\n\n A remote attacker could exploit these vulnerabilities in Python applications or daemons that pass user-controlled input to vulnerable functions. Exploitation might lead to the execution of arbitrary code or a Denial of Service. Vulnerabilities within the hashlib might lead to weakened cryptographic protection of data integrity or authenticity.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2008-08-01T00:00:00", "type": "nessus", "title": "GLSA-200807-16 : Python: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:python", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200807-16.NASL", "href": "https://www.tenable.com/plugins/nessus/33782", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200807-16.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33782);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_xref(name:\"GLSA\", value:\"200807-16\");\n\n script_name(english:\"GLSA-200807-16 : Python: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200807-16\n(Python: Multiple vulnerabilities)\n\n Multiple vulnerabilities were discovered in Python:\n David Remahl of Apple Product Security reported several integer\n overflows in core modules such as stringobject, unicodeobject,\n bufferobject, longobject, tupleobject, stropmodule, gcmodule,\n mmapmodule (CVE-2008-2315).\n David Remahl of Apple Product Security also reported an integer\n overflow in the hashlib module, leading to unreliable cryptographic\n digest results (CVE-2008-2316).\n Justin Ferguson reported multiple buffer overflows in unicode string\n processing that only affect 32bit systems (CVE-2008-3142).\n The Google Security Team reported multiple integer overflows\n (CVE-2008-3143).\n Justin Ferguson reported multiple integer underflows and overflows in\n the PyOS_vsnprintf() function, and an off-by-one error when passing\n zero-length strings, leading to memory corruption (CVE-2008-3144).\n \nImpact :\n\n A remote attacker could exploit these vulnerabilities in Python\n applications or daemons that pass user-controlled input to vulnerable\n functions. Exploitation might lead to the execution of arbitrary code\n or a Denial of Service. Vulnerabilities within the hashlib might lead\n to weakened cryptographic protection of data integrity or authenticity.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200807-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Python 2.4 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.4-r14'\n All Python 2.5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.5.2-r6'\n Please note that Python 2.3 is masked since June 24, and we will not be\n releasing updates to it. It will be removed from the tree in the near\n future.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/python\", unaffected:make_list(\"rge 2.4.4-r14\", \"ge 2.5.2-r6\", \"rge 2.4.6\"), vulnerable:make_list(\"lt 2.5.2-r6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Python\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:12:57", "description": "New python packages are available for Slackware 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues.", "cvss3": {}, "published": "2008-08-05T00:00:00", "type": "nessus", "title": "Slackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-1679", "CVE-2008-1721", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3144"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:python", "p-cpe:/a:slackware:slackware_linux:python-demo", "p-cpe:/a:slackware:slackware_linux:python-tools", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1"], "id": "SLACKWARE_SSA_2008-217-01.NASL", "href": "https://www.tenable.com/plugins/nessus/33824", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2008-217-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33824);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3144\");\n script_bugtraq_id(28715, 30491);\n script_xref(name:\"SSA\", value:\"2008-217-01\");\n\n script_name(english:\"Slackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New python packages are available for Slackware 10.1, 10.2, 11.0,\n12.0, 12.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?41912d97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected python, python-demo and / or python-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.1\", pkgname:\"python\", pkgver:\"2.4.5\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\nif (slackware_check(osver:\"10.1\", pkgname:\"python-demo\", pkgver:\"2.4.5\", pkgarch:\"noarch\", pkgnum:\"1_slack10.1\")) flag++;\nif (slackware_check(osver:\"10.1\", pkgname:\"python-tools\", pkgver:\"2.4.5\", pkgarch:\"noarch\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"python\", pkgver:\"2.4.5\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\nif (slackware_check(osver:\"10.2\", pkgname:\"python-demo\", pkgver:\"2.4.5\", pkgarch:\"noarch\", pkgnum:\"1_slack10.2\")) flag++;\nif (slackware_check(osver:\"10.2\", pkgname:\"python-tools\", pkgver:\"2.4.5\", pkgarch:\"noarch\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"python\", pkgver:\"2.4.5\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"python\", pkgver:\"2.5.2\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"python\", pkgver:\"2.5.2\", pkgarch:\"i486\", pkgnum:\"2_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"python\", pkgver:\"2.5.2\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:04", "description": "The remote host is affected by the vulnerability described in GLSA-200807-01 (Python: Multiple integer overflows)\n\n Multiple vulnerabilities were discovered in Python:\n David Remahl reported multiple integer overflows in the file imageop.c, leading to a heap-based buffer overflow (CVE-2008-1679). This issue is due to an incomplete fix for CVE-2007-4965.\n Justin Ferguson discovered that an integer signedness error in the zlib extension module might trigger insufficient memory allocation and a buffer overflow via a negative signed integer (CVE-2008-1721).\n Justin Ferguson discovered that insufficient input validation in the PyString_FromStringAndSize() function might lead to a buffer overflow (CVE-2008-1887).\n Impact :\n\n A remote attacker could exploit these vulnerabilities to cause a Denial of Service or possibly the remote execution of arbitrary code with the privileges of the user running Python.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2008-07-08T00:00:00", "type": "nessus", "title": "GLSA-200807-01 : Python: Multiple integer overflows", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-4965", "CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:python", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200807-01.NASL", "href": "https://www.tenable.com/plugins/nessus/33421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200807-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33421);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\");\n script_bugtraq_id(28715, 28749);\n script_xref(name:\"GLSA\", value:\"200807-01\");\n\n script_name(english:\"GLSA-200807-01 : Python: Multiple integer overflows\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200807-01\n(Python: Multiple integer overflows)\n\n Multiple vulnerabilities were discovered in Python:\n David\n Remahl reported multiple integer overflows in the file imageop.c,\n leading to a heap-based buffer overflow (CVE-2008-1679). This issue is\n due to an incomplete fix for CVE-2007-4965.\n Justin Ferguson\n discovered that an integer signedness error in the zlib extension\n module might trigger insufficient memory allocation and a buffer\n overflow via a negative signed integer (CVE-2008-1721).\n Justin\n Ferguson discovered that insufficient input validation in the\n PyString_FromStringAndSize() function might lead to a buffer overflow\n (CVE-2008-1887).\n \nImpact :\n\n A remote attacker could exploit these vulnerabilities to cause a Denial\n of Service or possibly the remote execution of arbitrary code with the\n privileges of the user running Python.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200807-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"The imageop module is no longer built in the unaffected versions.\n All Python 2.3 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.3.6-r6'\n All Python 2.4 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.4-r13'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/python\", unaffected:make_list(\"rge 2.3.6-r6\", \"ge 2.4.4-r13\"), vulnerable:make_list(\"lt 2.4.4-r13\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Python\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:55", "description": "Secunia reports :\n\nSome vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.\n\nVarious integer overflow errors exist in core modules e.g.\nstringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule.\n\nAn integer overflow in the hashlib module can lead to an unreliable cryptographic digest results.\n\nInteger overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems.\n\nAn integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a 'vsnprintf()' function.\n\nAn integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption.", "cvss3": {}, "published": "2008-09-11T00:00:00", "type": "nessus", "title": "FreeBSD : python -- multiple vulnerabilities (0dccaa28-7f3c-11dd-8de5-0030843d3802)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3144"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:python23", "p-cpe:/a:freebsd:freebsd:python24", "p-cpe:/a:freebsd:freebsd:python25", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0DCCAA287F3C11DD8DE50030843D3802.NASL", "href": "https://www.tenable.com/plugins/nessus/34164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34164);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3144\");\n script_xref(name:\"Secunia\", value:\"31305\");\n\n script_name(english:\"FreeBSD : python -- multiple vulnerabilities (0dccaa28-7f3c-11dd-8de5-0030843d3802)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nSome vulnerabilities have been reported in Python, where some have\nunknown impact and others can potentially be exploited by malicious\npeople to cause a DoS (Denial of Service) or to compromise a\nvulnerable system.\n\nVarious integer overflow errors exist in core modules e.g.\nstringobject, unicodeobject, bufferobject, longobject, tupleobject,\nstropmodule, gcmodule, mmapmodule.\n\nAn integer overflow in the hashlib module can lead to an unreliable\ncryptographic digest results.\n\nInteger overflow errors in the processing of unicode strings can be\nexploited to cause buffer overflows on 32-bit systems.\n\nAn integer overflow exists in the PyOS_vsnprintf() function on\narchitectures that do not have a 'vsnprintf()' function.\n\nAn integer underflow error in the PyOS_vsnprintf() function when\npassing zero-length strings can lead to memory corruption.\"\n );\n # http://bugs.python.org/issue2620\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.python.org/issue2620\"\n );\n # http://bugs.python.org/issue2588\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.python.org/issue2588\"\n );\n # http://bugs.python.org/issue2589\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.python.org/issue2589\"\n );\n # http://mail.python.org/pipermail/python-checkins/2008-July/072276.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1441e508\"\n );\n # http://mail.python.org/pipermail/python-checkins/2008-July/072174.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1afed817\"\n );\n # http://mail.python.org/pipermail/python-checkins/2008-June/070481.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ccf8890\"\n );\n # https://vuxml.freebsd.org/freebsd/0dccaa28-7f3c-11dd-8de5-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5cff4b0e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python25\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"python24<2.4.5_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"python25<2.5.2_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"python23>0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:13", "description": "Piotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer. This could lead to small information leaks, which might be used by attackers to gain additional knowledge about the state of a running Python script.\n(CVE-2007-2052)\n\nA flaw was discovered in the Python imageop module. If a script using the module could be tricked into processing a specially crafted set of arguments, a remote attacker could execute arbitrary code, or cause the application to crash. (CVE-2007-4965).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-03-13T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : python2.4/2.5 vulnerabilities (USN-585-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2052", "CVE-2007-4965"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:idle-python2.4", "p-cpe:/a:canonical:ubuntu_linux:idle-python2.5", "p-cpe:/a:canonical:ubuntu_linux:python2.4", "p-cpe:/a:canonical:ubuntu_linux:python2.4-dbg", "p-cpe:/a:canonical:ubuntu_linux:python2.4-dev", "p-cpe:/a:canonical:ubuntu_linux:python2.4-doc", "p-cpe:/a:canonical:ubuntu_linux:python2.4-examples", "p-cpe:/a:canonical:ubuntu_linux:python2.4-gdbm", "p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal", "p-cpe:/a:canonical:ubuntu_linux:python2.4-tk", "p-cpe:/a:canonical:ubuntu_linux:python2.5", "p-cpe:/a:canonical:ubuntu_linux:python2.5-dbg", "p-cpe:/a:canonical:ubuntu_linux:python2.5-dev", "p-cpe:/a:canonical:ubuntu_linux:python2.5-doc", "p-cpe:/a:canonical:ubuntu_linux:python2.5-examples", "p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:6.10", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:7.10"], "id": "UBUNTU_USN-585-1.NASL", "href": "https://www.tenable.com/plugins/nessus/31461", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-585-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(31461);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(25696);\n script_xref(name:\"USN\", value:\"585-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : python2.4/2.5 vulnerabilities (USN-585-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Piotr Engelking discovered that strxfrm in Python was not correctly\ncalculating the size of the destination buffer. This could lead to\nsmall information leaks, which might be used by attackers to gain\nadditional knowledge about the state of a running Python script.\n(CVE-2007-2052)\n\nA flaw was discovered in the Python imageop module. If a script using\nthe module could be tricked into processing a specially crafted set of\narguments, a remote attacker could execute arbitrary code, or cause\nthe application to crash. (CVE-2007-4965).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/585-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"idle-python2.4\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dev\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-doc\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-examples\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-gdbm\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-tk\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"idle-python2.5\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-dbg\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-dev\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-doc\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-examples\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-minimal\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"idle-python2.5\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-dev\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-doc\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-examples\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"idle-python2.5\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-dev\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-doc\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-examples\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"idle-python2.4 / idle-python2.5 / python2.4 / python2.4-dbg / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:22", "description": "Integer Overflows in the python imageop module and in the expandtabs method potentially allowed attackers to execute arbitrary code.\n(CVE-2008-4864 / CVE-2008-5031)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Python (ZYPP Patch Number 5837)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_PYTHON-5837.NASL", "href": "https://www.tenable.com/plugins/nessus/41581", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41581);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4864\", \"CVE-2008-5031\");\n\n script_name(english:\"SuSE 10 Security Update : Python (ZYPP Patch Number 5837)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Integer Overflows in the python imageop module and in the expandtabs\nmethod potentially allowed attackers to execute arbitrary code.\n(CVE-2008-4864 / CVE-2008-5031)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4864.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5031.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5837.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-curses-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-devel-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-gdbm-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-tk-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-xml-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"python-32bit-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-curses-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-demo-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-devel-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-gdbm-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-idle-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-tk-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-xml-2.4.2-18.25\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"python-32bit-2.4.2-18.25\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:48", "description": "Integer overflows in the python imageop module and in the expandtabs method potentially allowed attackers to execute arbitrary code.\n(CVE-2008-4864, CVE-2008-5031)", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Python (YOU Patch Number 12316)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-4864", "CVE-2008-5031"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12316.NASL", "href": "https://www.tenable.com/plugins/nessus/41260", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41260);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4864\", \"CVE-2008-5031\");\n\n script_name(english:\"SuSE9 Security Update : Python (YOU Patch Number 12316)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Integer overflows in the python imageop module and in the expandtabs\nmethod potentially allowed attackers to execute arbitrary code.\n(CVE-2008-4864, CVE-2008-5031)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4864.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-5031.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12316.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \&