Vulnerabilities > CVE-2007-4965 - Integer Overflow or Wraparound vulnerability in Python

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
python
CWE-190
nessus
exploit available

Summary

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Exploit-Db

descriptionPython 2.2 ImageOP Module Multiple Integer Overflow Vulnerabilities. CVE-2007-4965. Dos exploits for multiple platform
idEDB-ID:30592
last seen2016-02-03
modified2007-09-17
published2007-09-17
reporterSlythers Bro
sourcehttps://www.exploit-db.com/download/30592/
titlePython 2.2 ImageOP Module Multiple Integer Overflow Vulnerabilities

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2007-009.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2007-009 applied. This update contains several security fixes for a large number of programs.
    last seen2020-06-01
    modified2020-06-02
    plugin id29723
    published2007-12-18
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29723
    titleMac OS X Multiple Vulnerabilities (Security Update 2007-009)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29723);
      script_version("1.27");
      script_cvs_date("Date: 2018/07/14  1:59:35");
    
      script_cve_id("CVE-2006-0024", "CVE-2007-1218", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-1661",
                    "CVE-2007-1662", "CVE-2007-3798", "CVE-2007-3876", "CVE-2007-4131", "CVE-2007-4351",
                    "CVE-2007-4572", "CVE-2007-4708", "CVE-2007-4709", "CVE-2007-4710", "CVE-2007-4766",
                    "CVE-2007-4767", "CVE-2007-4768", "CVE-2007-4965", "CVE-2007-5116", "CVE-2007-5379",
                    "CVE-2007-5380", "CVE-2007-5398", "CVE-2007-5476", "CVE-2007-5770", "CVE-2007-5847",
                    "CVE-2007-5848", "CVE-2007-5849", "CVE-2007-5850", "CVE-2007-5851", "CVE-2007-5853",
                    "CVE-2007-5854", "CVE-2007-5855", "CVE-2007-5856", "CVE-2007-5857", "CVE-2007-5858",
                    "CVE-2007-5859", "CVE-2007-5860", "CVE-2007-5861", "CVE-2007-5863", "CVE-2007-6077",
                    "CVE-2007-6165");
      script_bugtraq_id(17106, 22772, 24965, 25417, 25696, 26096, 26268, 26274, 26346,
                        26350, 26421, 26454, 26455, 26510, 26598, 26908, 26910, 26926);
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2007-009)");
      script_summary(english:"Check for the presence of Security Update 2007-009");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.5 or 10.4 that does
    not have Security Update 2007-009 applied. 
    
    This update contains several security fixes for a large number of
    programs.");
      script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=307179");
      script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/13649");
      script_set_attribute(attribute:"solution", value:"Install Security Update 2007-009.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Mail.app Image Attachment Command Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(16, 20, 22, 79, 119, 134, 189, 200, 264, 287, 310, 362, 399);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/03/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if ( ! uname ) exit(0);
    if ( egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname) )
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if ( ! packages ) exit(0);
      if (!egrep(pattern:"^SecUpd(Srvr)?(2007-009|200[89]-|20[1-9][0-9]-)", string:packages))
        security_hole(0);
    }
    else if ( egrep(pattern:"Darwin.* (9\.[01]\.)", string:uname) )
    {
     packages = get_kb_item("Host/MacOSX/packages/boms");
     if ( ! packages ) exit(0);
     if ( !egrep(pattern:"^com\.apple\.pkg\.update\.security\.2007\.009\.bom", string:packages) )
    	security_hole(0);
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_PYTHON-4900.NASL
    descriptionSpecially crafted images could trigger an integer overflow in the imageop module (CVE-2007-4965).
    last seen2020-06-01
    modified2020-06-02
    plugin id30145
    published2008-02-01
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30145
    titleopenSUSE 10 Security Update : python (python-4900)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update python-4900.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(30145);
      script_version ("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2007-4965");
    
      script_name(english:"openSUSE 10 Security Update : python (python-4900)");
      script_summary(english:"Check for the python-4900 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Specially crafted images could trigger an integer overflow in the
    imageop module (CVE-2007-4965)."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-gdbm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-idle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-tk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xml");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1|SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2 / 10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"python-2.4.2-18.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"python-curses-2.4.2-18.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"python-demo-2.4.2-18.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"python-devel-2.4.2-18.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"python-gdbm-2.4.2-18.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"python-idle-2.4.2-18.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"python-tk-2.4.2-18.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"python-xml-2.4.2-18.13") ) flag++;
    if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"python-32bit-2.4.2-18.13") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"python-2.5-19.6") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"python-curses-2.5-19.6") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"python-demo-2.5-19.6") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"python-devel-2.5-19.6") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"python-gdbm-2.5-19.6") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"python-idle-2.5-19.6") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"python-tk-2.5-19.6") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"python-xml-2.5-19.6") ) flag++;
    if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"python-32bit-2.5-19.6") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"python-2.5.1-39.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"python-curses-2.5.1-39.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"python-demo-2.5.1-39.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"python-devel-2.5.1-39.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"python-gdbm-2.5.1-39.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"python-idle-2.5.1-39.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"python-tk-2.5.1-39.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"python-xml-2.5.1-39.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"python-32bit-2.5.1-39.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-32bit / python-curses / python-demo / python-devel / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-1076.NASL
    descriptionFrom Red Hat Security Advisory 2007:1076 : Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python
    last seen2020-06-01
    modified2020-06-02
    plugin id67614
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67614
    titleOracle Linux 3 / 4 : python (ELSA-2007-1076)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2007:1076 and 
    # Oracle Linux Security Advisory ELSA-2007-1076 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67614);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2006-7228", "CVE-2007-2052", "CVE-2007-4965");
      script_bugtraq_id(25696, 26462);
      script_xref(name:"RHSA", value:"2007:1076");
    
      script_name(english:"Oracle Linux 3 / 4 : python (ELSA-2007-1076)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2007:1076 :
    
    Updated python packages that fix several security issues are now
    available for Red Hat Enterprise Linux 3 and 4.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Python is an interpreted, interactive, object-oriented programming
    language.
    
    An integer overflow flaw was discovered in the way Python's pcre
    module handled certain regular expressions. If a Python application
    used the pcre module to compile and execute untrusted regular
    expressions, it may be possible to cause the application to crash, or
    allow arbitrary code execution with the privileges of the Python
    interpreter. (CVE-2006-7228)
    
    A flaw was discovered in the strxfrm() function of Python's locale
    module. Strings generated by this function were not properly
    NULL-terminated. This may possibly cause disclosure of data stored in
    the memory of a Python application using this function.
    (CVE-2007-2052)
    
    Multiple integer overflow flaws were discovered in Python's imageop
    module. If an application written in Python used the imageop module to
    process untrusted images, it could cause the application to crash,
    enter an infinite loop, or possibly execute arbitrary code with the
    privileges of the Python interpreter. (CVE-2007-4965)
    
    Users of Python are advised to upgrade to these updated packages,
    which contain backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-December/000441.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-December/000443.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"python-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"python-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"python-devel-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"python-devel-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"python-tools-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"python-tools-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"tkinter-2.2.3-6.8")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"tkinter-2.2.3-6.8")) flag++;
    
    if (rpm_check(release:"EL4", cpu:"i386", reference:"python-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"python-devel-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-devel-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"python-docs-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-docs-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"python-tools-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-tools-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"tkinter-2.3.4-14.4.el4_6.1")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"tkinter-2.3.4-14.4.el4_6.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-devel / python-docs / python-tools / tkinter");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0264.NASL
    descriptionRed Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Two denial-of-service flaws were fixed in ZLib. (CVE-2005-2096, CVE-2005-1849) Multiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339, CVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969) Multiple flaws were fixed in Python. (CVE-2007-4965, CVE-2007-2052, CVE-2006-4980, CVE-2006-1542) Users of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43836
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43836
    titleRHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1176.NASL
    descriptionUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id40400
    published2009-07-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40400
    titleRHEL 5 : python (RHSA-2009:1176)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12046.NASL
    descriptionSpecially crafted images could trigger an integer overflow in the imageop module. (CVE-2007-4965)
    last seen2020-06-01
    modified2020-06-02
    plugin id41186
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41186
    titleSuSE9 Security Update : Python (YOU Patch Number 12046)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0008_PYTHON.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. (CVE-2007-4965) - Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context- dependent attackers to defeat cryptographic digests, related to partial hashlib hashing of data exceeding 4GB. (CVE-2008-2316) - Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. (CVE-2008-5983) - Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context- dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. (CVE-2010-1634) - The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one- byte string, a different vulnerability than CVE-2010-1634. (CVE-2010-2089) - The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id127154
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127154
    titleNewStart CGSL MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0008)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2009-001.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm
    last seen2020-06-01
    modified2020-06-02
    plugin id35684
    published2009-02-13
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35684
    titleMac OS X Multiple Vulnerabilities (Security Update 2009-001)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1176.NASL
    descriptionUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id43771
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43771
    titleCentOS 5 : python (CESA-2009:1176)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-2663.NASL
    descriptionThis update fixes: Multiple integer overflows in the imageop module (#295971) Also included are a dependency fix on binutils (#307221), so the ctypes module works, and a tkinter fix when dealing with zero length text in some widgets (#281751). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27785
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27785
    titleFedora 7 : python-2.5-14.fc7 (2007-2663)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-003.NASL
    descriptionMultiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. (CVE-2008-4864) Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. (CVE-2008-5031) The updated Python packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36693
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36693
    titleMandriva Linux Security Advisory : python (MDVSA-2009:003)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1176.NASL
    descriptionFrom Red Hat Security Advisory 2009:1176 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id67896
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67896
    titleOracle Linux 5 : python (ELSA-2009-1176)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-013.NASL
    descriptionMultiple integer overflows were found in python
    last seen2020-06-01
    modified2020-06-02
    plugin id37485
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37485
    titleMandriva Linux Security Advisory : python (MDVSA-2008:013)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2008-0003.NASL
    descriptionI Updated ESX driver a. Updated aacraid driver This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the Service Console to cause a denial of service or gain privileges. Thanks to Adaptec for reporting this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue. II Service Console package security updates a. Samba Alin Rad Pop of Secunia Research found a stack-based buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server. Note: This vulnerability can be exploited only if the attacker has access to the Service Console network. The Samba client is installed by default in the Service Console, but the Samba server is not. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6015 to this issue. b. Python Chris Evans of the Google security research team discovered an integer overflow issue with the way Python
    last seen2020-06-01
    modified2020-06-02
    plugin id40374
    published2009-07-27
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40374
    titleVMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1620.NASL
    descriptionSeveral vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2052 Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure. - CVE-2007-4965 It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch. - CVE-2008-1721 Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code. - CVE-2008-1887 Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id33740
    published2008-07-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33740
    titleDebian DSA-1620-1 : python2.5 - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_PYTHON-4902.NASL
    descriptionSpecially crafted images could trigger an integer overflow in the imageop module. (CVE-2007-4965)
    last seen2020-06-01
    modified2020-06-02
    plugin id30146
    published2008-02-01
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30146
    titleSuSE 10 Security Update : Python (ZYPP Patch Number 4902)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090727_PYTHON_FOR_SL5_X.NASL
    descriptionWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id60622
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60622
    titleScientific Linux Security Update : python for SL5.x i386/x86_64
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1076.NASL
    descriptionUpdated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python
    last seen2020-06-01
    modified2020-06-02
    plugin id29255
    published2007-12-11
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29255
    titleCentOS 3 / 4 : python (CESA-2007:1076)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-585-1.NASL
    descriptionPiotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer. This could lead to small information leaks, which might be used by attackers to gain additional knowledge about the state of a running Python script. (CVE-2007-2052) A flaw was discovered in the Python imageop module. If a script using the module could be tricked into processing a specially crafted set of arguments, a remote attacker could execute arbitrary code, or cause the application to crash. (CVE-2007-4965). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id31461
    published2008-03-13
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31461
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : python2.4/2.5 vulnerabilities (USN-585-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1551.NASL
    descriptionSeveral vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2052 Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure. - CVE-2007-4965 It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch. - CVE-2008-1721 Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code. - CVE-2008-1887 Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id32006
    published2008-04-22
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32006
    titleDebian DSA-1551-1 : python2.4 - several vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200711-07.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200711-07 (Python: User-assisted execution of arbitrary code) Slythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo() method, in various locations in files imageop.c, rbgimgmodule.c, and also in other files. Impact : A remote attacker could entice a user to process specially crafted images with an application using the Python imageop module, resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Note that this vulnerability may or may not be exploitable, depending on the application using the module. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id27824
    published2007-11-08
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27824
    titleGLSA-200711-07 : Python: User-assisted execution of arbitrary code
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0525.NASL
    descriptionRed Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib was discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-2096). An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around could allow an attacker, acting as a
    last seen2020-06-01
    modified2020-06-02
    plugin id43838
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43838
    titleRHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200807-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200807-01 (Python: Multiple integer overflows) Multiple vulnerabilities were discovered in Python: David Remahl reported multiple integer overflows in the file imageop.c, leading to a heap-based buffer overflow (CVE-2008-1679). This issue is due to an incomplete fix for CVE-2007-4965. Justin Ferguson discovered that an integer signedness error in the zlib extension module might trigger insufficient memory allocation and a buffer overflow via a negative signed integer (CVE-2008-1721). Justin Ferguson discovered that insufficient input validation in the PyString_FromStringAndSize() function might lead to a buffer overflow (CVE-2008-1887). Impact : A remote attacker could exploit these vulnerabilities to cause a Denial of Service or possibly the remote execution of arbitrary code with the privileges of the user running Python. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id33421
    published2008-07-08
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33421
    titleGLSA-200807-01 : Python: Multiple integer overflows
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0016.NASL
    descriptiona. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id42870
    published2009-11-23
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42870
    titleVMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1076.NASL
    descriptionUpdated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python
    last seen2020-06-01
    modified2020-06-02
    plugin id29301
    published2007-12-11
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29301
    titleRHEL 3 / 4 : python (RHSA-2007:1076)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-163.NASL
    descriptionMultiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows (CVE-2008-1679). This was due to an incomplete fix for CVE-2007-4965. David Remahl of Apple Product Security reported several integer overflows in a number of core modules (CVE-2008-2315). He also reported an integer overflow in the hashlib module on Python 2.5 that lead to unreliable cryptographic digest results (CVE-2008-2316). Justin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems (CVE-2008-3142). Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2 (CVE-2008-3143). Justin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption (CVE-2008-3144). The updated packages have been patched to correct these issues. As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have been updated to version 2.5.2. Due to slight packaging changes on Mandriva Linux 2007.1, a new package is available (tkinter-apps) that contains binary files (such as /usr/bin/idle) that were previously in the tkinter package.
    last seen2020-06-01
    modified2020-06-02
    plugin id37212
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37212
    titleMandriva Linux Security Advisory : python (MDVSA-2008:163)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0016_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen2020-06-01
    modified2020-06-02
    plugin id89117
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89117
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0629.NASL
    descriptionRed Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 was used an attacker could, potentially, forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around was vulnerable to a man-in-the-middle attack which allowed a remote user to force an SSL connection to use SSL 2.0, rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969) During OpenSSL parsing of certain invalid ASN.1 structures, an error condition was mishandled. This could result in an infinite loop which consumed system memory (CVE-2006-2937). Certain public key types could take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940) A flaw was discovered in the Python repr() function
    last seen2020-06-01
    modified2020-06-02
    plugin id43839
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43839
    titleRHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20071210_PYTHON_ON_SL4_X.NASL
    descriptionAn integer overflow flaw was discovered in the way Python
    last seen2020-06-01
    modified2020-06-02
    plugin id60327
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60327
    titleScientific Linux Security Update : python on SL4.x, SL3.x i386/x86_64

Oval

  • accepted2013-04-29T04:08:56.150-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionMultiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
    familyunix
    idoval:org.mitre.oval:def:10804
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleMultiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
    version27
  • accepted2014-01-20T04:01:39.548-05:00
    classvulnerability
    contributors
    • namePai Peng
      organizationHewlett-Packard
    • nameChris Coffin
      organizationThe MITRE Corporation
    definition_extensions
    • commentVMWare ESX Server 3.0.3 is installed
      ovaloval:org.mitre.oval:def:6026
    • commentVMware ESX Server 3.5.0 is installed
      ovaloval:org.mitre.oval:def:5887
    • commentVMware ESX Server 4.0 is installed
      ovaloval:org.mitre.oval:def:6293
    descriptionMultiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
    familyunix
    idoval:org.mitre.oval:def:8486
    statusaccepted
    submitted2010-03-19T16:57:59.000-04:00
    titleVMware python integer overflows vulnerability in the imageop module
    version7
  • accepted2010-03-01T04:00:29.099-05:00
    classvulnerability
    contributors
    namePai Peng
    organizationHewlett-Packard
    definition_extensions
    • commentSolaris 10 (SPARC) is installed
      ovaloval:org.mitre.oval:def:1440
    • commentSolaris 10 (x86) is installed
      ovaloval:org.mitre.oval:def:1926
    descriptionMultiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
    familyunix
    idoval:org.mitre.oval:def:8496
    statusaccepted
    submitted2010-01-19T17:52:34.000-05:00
    titleMultiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code
    version35

Redhat

advisories
  • bugzilla
    id383371
    titleCVE-2006-7228 pcre integer overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commenttkinter is earlier than 0:2.3.4-14.4.el4_6.1
            ovaloval:com.redhat.rhsa:tst:20071076001
          • commenttkinter is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197010
        • AND
          • commentpython is earlier than 0:2.3.4-14.4.el4_6.1
            ovaloval:com.redhat.rhsa:tst:20071076003
          • commentpython is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197002
        • AND
          • commentpython-tools is earlier than 0:2.3.4-14.4.el4_6.1
            ovaloval:com.redhat.rhsa:tst:20071076005
          • commentpython-tools is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197006
        • AND
          • commentpython-devel is earlier than 0:2.3.4-14.4.el4_6.1
            ovaloval:com.redhat.rhsa:tst:20071076007
          • commentpython-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197008
        • AND
          • commentpython-docs is earlier than 0:2.3.4-14.4.el4_6.1
            ovaloval:com.redhat.rhsa:tst:20071076009
          • commentpython-docs is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197004
    rhsa
    idRHSA-2007:1076
    released2007-12-10
    severityModerate
    titleRHSA-2007:1076: python security update (Moderate)
  • rhsa
    idRHSA-2008:0629
rpms
  • python-0:2.2.3-6.8
  • python-0:2.3.4-14.4.el4_6.1
  • python-debuginfo-0:2.2.3-6.8
  • python-debuginfo-0:2.3.4-14.4.el4_6.1
  • python-devel-0:2.2.3-6.8
  • python-devel-0:2.3.4-14.4.el4_6.1
  • python-docs-0:2.3.4-14.4.el4_6.1
  • python-tools-0:2.2.3-6.8
  • python-tools-0:2.3.4-14.4.el4_6.1
  • tkinter-0:2.2.3-6.8
  • tkinter-0:2.3.4-14.4.el4_6.1
  • rhn-solaris-bootstrap-0:5.0.2-3
  • rhn_solaris_bootstrap_5_0_2_3-0:1-0
  • rhn-solaris-bootstrap-0:5.0.2-3
  • rhn_solaris_bootstrap_5_0_2_3-0:1-0
  • rhn-solaris-bootstrap-0:5.1.1-3
  • rhn_solaris_bootstrap_5_1_1_3-0:1-0
  • python-0:2.4.3-24.el5_3.6
  • python-debuginfo-0:2.4.3-24.el5_3.6
  • python-devel-0:2.4.3-24.el5_3.6
  • python-tools-0:2.4.3-24.el5_3.6
  • tkinter-0:2.4.3-24.el5_3.6

Statements

contributorJoshua Bressers
lastmodified2007-10-15
organizationRed Hat
statementRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

References