Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2009 Greenbone Networks GmbHOPENVAS:840343
HistoryMar 23, 2009 - 12:00 a.m.

Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1

2009-03-2300:00:00
Copyright (C) 2009 Greenbone Networks GmbH
plugins.openvas.org
9

0.101 Low

EPSS

Percentile

94.3%

JSON

Ubuntu Update for Linux kernel vulnerabilities USN-632-1

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_632_1.nasl 7969 2017-12-01 09:23:16Z santu $
#
# Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "It was discovered that there were new integer overflows in the imageop
  module.  If an attacker were able to trick a Python application into
  processing a specially crafted image, they could execute arbitrary code
  with user privileges. (CVE-2008-1679)

  Justin Ferguson discovered that the zlib module did not correctly
  handle certain archives.  If an attacker were able to trick a Python
  application into processing a specially crafted archive file, they could
  execute arbitrary code with user privileges. (CVE-2008-1721)
  
  Justin Ferguson discovered that certain string manipulations in Python
  could be made to overflow.  If an attacker were able to pass a specially
  crafted string through the PyString_FromStringAndSize function, they
  could execute arbitrary code with user privileges. (CVE-2008-1887)
  
  Multiple integer overflows were discovered in Python's core and modules
  including hashlib, binascii, pickle, md5, stringobject, unicodeobject,
  bufferobject, longobject, tupleobject, stropmodule, gcmodule, and
  mmapmodule.  If an attacker were able to exploit these flaws they could
  execute arbitrary code with user privileges or cause Python applications
  to crash, leading to a denial of service. (CVE-2008-2315, CVE-2008-2316,
  CVE-2008-3142, CVE-2008-3143, CVE-2008-3144).";

tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-632-1";
tag_affected = "python2.4, python2.5 vulnerabilities on Ubuntu 6.06 LTS ,
  Ubuntu 7.04 ,
  Ubuntu 7.10 ,
  Ubuntu 8.04 LTS";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-632-1/");
  script_id(840343);
  script_version("$Revision: 7969 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $");
  script_tag(name:"creation_date", value:"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_xref(name: "USN", value: "632-1");
  script_cve_id("CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144");
  script_name( "Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-deb.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "UBUNTU6.06 LTS")
{

  if ((res = isdpkgvuln(pkg:"python2.4-dbg", ver:"2.4.3-0ubuntu6.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-dev", ver:"2.4.3-0ubuntu6.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-gdbm", ver:"2.4.3-0ubuntu6.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-minimal", ver:"2.4.3-0ubuntu6.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-tk", ver:"2.4.3-0ubuntu6.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4", ver:"2.4.3-0ubuntu6.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"idle-python2.4", ver:"2.4.3-0ubuntu6.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-doc", ver:"2.4.3-0ubuntu6.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-examples", ver:"2.4.3-0ubuntu6.2", rls:"UBUNTU6.06 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU7.04")
{

  if ((res = isdpkgvuln(pkg:"python2.4-dbg", ver:"2.4.4-2ubuntu7.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-dev", ver:"2.4.4-2ubuntu7.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-minimal", ver:"2.4.4-2ubuntu7.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4", ver:"2.4.4-2ubuntu7.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-dbg", ver:"2.5.1-0ubuntu1.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-dev", ver:"2.5.1-0ubuntu1.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-minimal", ver:"2.5.1-0ubuntu1.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5", ver:"2.5.1-0ubuntu1.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-doc", ver:"2.4.4-2ubuntu7.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-examples", ver:"2.4.4-2ubuntu7.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-doc", ver:"2.5.1-0ubuntu1.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-examples", ver:"2.5.1-0ubuntu1.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"idle-python2.4", ver:"2.4.4-2ubuntu7.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"idle-python2.5", ver:"2.5.1-0ubuntu1.2", rls:"UBUNTU7.04")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU8.04 LTS")
{

  if ((res = isdpkgvuln(pkg:"python2.4-dbg", ver:"2.4.5-1ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-dev", ver:"2.4.5-1ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-minimal", ver:"2.4.5-1ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4", ver:"2.4.5-1ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-dbg", ver:"2.5.2-2ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-dev", ver:"2.5.2-2ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-minimal", ver:"2.5.2-2ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5", ver:"2.5.2-2ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-doc", ver:"2.4.5-1ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-examples", ver:"2.4.5-1ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-doc", ver:"2.5.2-2ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-examples", ver:"2.5.2-2ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"idle-python2.4", ver:"2.4.5-1ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"idle-python2.5", ver:"2.5.2-2ubuntu4.1", rls:"UBUNTU8.04 LTS")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "UBUNTU7.10")
{

  if ((res = isdpkgvuln(pkg:"python2.4-dbg", ver:"2.4.4-6ubuntu4.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-dev", ver:"2.4.4-6ubuntu4.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-minimal", ver:"2.4.4-6ubuntu4.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4", ver:"2.4.4-6ubuntu4.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-dbg", ver:"2.5.1-5ubuntu5.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-dev", ver:"2.5.1-5ubuntu5.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-minimal", ver:"2.5.1-5ubuntu5.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5", ver:"2.5.1-5ubuntu5.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-doc", ver:"2.4.4-6ubuntu4.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.4-examples", ver:"2.4.4-6ubuntu4.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-doc", ver:"2.5.1-5ubuntu5.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"python2.5-examples", ver:"2.5.1-5ubuntu5.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"idle-python2.4", ver:"2.4.4-6ubuntu4.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isdpkgvuln(pkg:"idle-python2.5", ver:"2.5.1-5ubuntu5.2", rls:"UBUNTU7.10")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

Related

openvas 57
ubuntu 1
nessus 38
slackware 1
securityvulns 4
seebug 3
gentoo 2
redhat 3
oraclelinux 4
freebsd 2
osv 4
debian 4
centos 2
prion 12
ubuntucve 12
cve 12
veracode 7
debiancve 2
vmware 2
openvas
openvas
Ubuntu: Security Advisory (USN-632-1)
2009-03-23 00:00:00
SLES10: Security update for Python
2009-10-13 00:00:00
SLES9: Security update for Python
2009-10-10 00:00:00
ubuntu
ubuntu
Python vulnerabilities
2008-08-01 00:00:00
nessus
nessus
openSUSE 10 Security Update : python (python-5491)
2008-08-17 00:00:00
SuSE9 Security Update : Python (YOU Patch Number 12215)
2009-09-24 00:00:00
openSUSE Security Update : python (python-128)
2009-07-21 00:00:00
slackware
slackware
[slackware-security] python
2008-08-04 20:55:27
securityvulns
securityvulns
[ GLSA 200807-16 ] Python: Multiple vulnerabilities
2008-08-01 00:00:00
Python multiple security vulnerabilities
2008-08-01 00:00:00
Python zlib module buffer overflow
2008-04-10 00:00:00
seebug
seebug
Python多个整数溢出漏洞
2008-08-06 00:00:00
Python存在多个缓冲区溢出漏洞
2008-08-07 00:00:00
Python 'stringobject.c'多个远程缓冲区溢出漏洞
2013-02-03 00:00:00
gentoo
gentoo
Python: Multiple vulnerabilities
2008-07-31 00:00:00
Python: Multiple integer overflows
2008-07-01 00:00:00
redhat
redhat
(RHSA-2009:1177) Moderate: python security update
2009-07-27 00:00:00
(RHSA-2009:1178) Moderate: python security update
2009-07-27 00:00:00
(RHSA-2009:1176) Moderate: python security update
2009-07-27 00:00:00
oraclelinux
oraclelinux
python security update
2009-07-27 00:00:00
python security update
2009-07-27 00:00:00
python security update
2009-07-27 00:00:00
freebsd
freebsd
python -- multiple vulnerabilities
2008-08-04 00:00:00
python -- Integer Signedness Error in zlib Module
2008-04-10 00:00:00
osv
osv
python2.4 - several vulnerabilities
2008-11-19 00:00:00
python2.5 - several vulnerabilities
2008-07-27 00:00:00
python2.4 - several vulnerabilities
2008-04-19 00:00:00
debian
debian
[SECURITY] [DSA 1667-1] New python2.4 packages fix several vulnerabilities
2008-11-19 18:23:36
[SECURITY] [DSA 1551-1] New python2.4 packages fix several vulnerabilities
2008-04-19 16:45:03
[SECURITY] [DSA 1620-1] New python2.5 packages fix several vulnerabilities
2008-07-27 13:13:22
centos
centos
python, tkinter security update
2009-07-27 15:25:44
python, tkinter security update
2009-07-29 17:31:50
prion
prion
Integer overflow
2008-08-01 14:41:00
Buffer overflow
2008-04-18 17:05:00
Integer overflow
2008-04-10 19:05:00
ubuntucve
ubuntucve
CVE-2008-2316
2008-08-01 00:00:00
CVE-2008-1887
2008-04-18 00:00:00
CVE-2008-1721
2008-04-10 00:00:00
cve
cve
CVE-2008-2316
2008-08-01 14:41:00
CVE-2008-1887
2008-04-18 17:05:00
CVE-2008-3142
2008-08-01 14:41:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:35:08
Denial Of Service (DoS)
2020-04-10 00:35:08
Arbitrary Code Execution
2020-04-10 00:35:08
debiancve
debiancve
CVE-2010-1634
2010-05-27 19:30:00
CVE-2010-1449
2010-05-27 19:30:00
vmware
vmware
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
2009-11-20 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
2009-11-20 00:00:00

0.101 Low

EPSS

Percentile

94.3%

JSON
Related for OPENVAS:840343
openvas57ubuntu1nessus38slackware1securityvulns4seebug3gentoo2redhat3oraclelinux4freebsd2osv4debian4centos2prion12ubuntucve12cve12veracode7debiancve2vmware2