Mandriva Update for python MDVSA-2012:096 (python)

Mandriva Update for python MDVSA-2012:096 (python). Multiple vulnerabilities discovered and corrected in python related to _ssl module, SimpleHTTPServer module, distutils module, SimpleXMLRPCServer module, hash table collisions, and arrays. The updated packages have been patched

Reporter	Title	Published	Views	Family All 858
0day.today	Splunk 4.3.x Denial Of Service	2 Nov 201200:00	–	zdt
FreeBSD	fetchmail -- chosen plaintext attack against SSL CBC initialization vectors	19 Jan 201200:00	–	freebsd
FreeBSD	asterisk -- Multiple vulnerabilities	3 Feb 201600:00	–	freebsd
FreeBSD	python 2.7 -- multiple vulnerabilities	1 May 201800:00	–	freebsd
FreeBSD	Python 2.7 -- multiple vulnerabilities	26 Aug 201700:00	–	freebsd
FreeBSD	Python -- DoS via malformed XML-RPC / HTTP POST request	13 Feb 201200:00	–	freebsd
FreeBSD	expat -- multiple vulnerabilities	18 Mar 201600:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple expat vulnerabilities	18 Jun 201801:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in cracklib, dhcp, expat, libgcrypt and lighttpd affect IBM Flex System Chassis Management Module (CMM)	31 Jan 201902:25	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Transport Layer Security Protocol Used in IBM System Networking Ethernet Switches (CVE-2011-3389)	26 Sep 202222:21	–	ibm

Source	Link
mandriva	www.mandriva.com/en/support/security/advisories/

###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for python MDVSA-2012:096 (python)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "Multiple vulnerabilities has been discovered and corrected in python:

  The _ssl module would always disable the CBC IV attack countermeasure
  (CVE-2011-3389).

  A flaw was found in the way the Python SimpleHTTPServer module
  generated directory listings. An attacker able to upload a file
  with a specially-crafted name to a server could possibly perform a
  cross-site scripting (XSS) attack against victims visiting a listing
  page generated by SimpleHTTPServer, for a directory containing
  the crafted file (if the victims were using certain web browsers)
  (CVE-2011-4940).

  A race condition was found in the way the Python distutils module
  set file permissions during the creation of the .pypirc file. If a
  local user had access to the home directory of another user who is
  running distutils, they could use this flaw to gain access to that
  user&#039;s .pypirc file, which can contain usernames and passwords for
  code repositories (CVE-2011-4944).

  A flaw was found in the way the Python SimpleXMLRPCServer module
  handled clients disconnecting prematurely. A remote attacker could
  use this flaw to cause excessive CPU consumption on a server using
  SimpleXMLRPCServer (CVE-2012-0845).

  Hash table collisions CPU usage DoS for the embedded copy of expat
  (CVE-2012-0876).

  A denial of service flaw was found in the implementation of associative
  arrays (dictionaries) in Python. An attacker able to supply a large
  number of inputs to a Python application (such as HTTP POST request
  parameters sent to a web application) that are used as keys when
  inserting data into an array could trigger multiple hash function
  collisions, making array operations take an excessive amount of
  CPU time. To mitigate this issue, randomization has been added to
  the hash function to reduce the chance of an attacker successfully
  causing intentional collisions (CVE-2012-1150).

  The updated packages have been patched to correct these issues.";

tag_affected = "python on Mandriva Linux 2010.1";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:096");
  script_id(831686);
  script_version("$Revision: 8257 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $");
  script_tag(name:"creation_date", value:"2012-06-22 10:32:57 +0530 (Fri, 22 Jun 2012)");
  script_cve_id("CVE-2011-3389", "CVE-2011-4940", "CVE-2011-4944",
                "CVE-2012-0845", "CVE-2012-0876", "CVE-2012-1150");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_xref(name: "MDVSA", value: "2012:096");
  script_name("Mandriva Update for python MDVSA-2012:096 (python)");

  script_tag(name: "summary" , value: "Check for the Version of python");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("Mandrake Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "MNDK_2010.1")
{

  if ((res = isrpmvuln(pkg:"libpython2.6", rpm:"libpython2.6~2.6.5~2.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"libpython2.6-devel", rpm:"libpython2.6-devel~2.6.5~2.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"python", rpm:"python~2.6.5~2.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"python-docs", rpm:"python-docs~2.6.5~2.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tkinter", rpm:"tkinter~2.6.5~2.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"tkinter-apps", rpm:"tkinter-apps~2.6.5~2.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64python2.6", rpm:"lib64python2.6~2.6.5~2.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"lib64python2.6-devel", rpm:"lib64python2.6-devel~2.6.5~2.5mdv2010.2", rls:"MNDK_2010.1")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

29 Dec 2017 00:00Current

8High risk

Vulners AI Score8

EPSS0.03832