Vulnerabilities > CVE-2008-2316 - Numeric Errors vulnerability in Python
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE9_12215.NASL description This update of python fixes several security vulnerabilities. (CVE-2008-1679 / CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316) Note: for SLE10 a non-security bug in mmap was fixed too. last seen 2020-06-01 modified 2020-06-02 plugin id 41229 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41229 title SuSE9 Security Update : Python (YOU Patch Number 12215) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41229); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"); script_name(english:"SuSE9 Security Update : Python (YOU Patch Number 12215)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update of python fixes several security vulnerabilities. (CVE-2008-1679 / CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316) Note: for SLE10 a non-security bug in mmap was fixed too." ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1679.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1887.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2315.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2316.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3142.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3143.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-3144.html" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12215."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"python-2.3.3-88.24")) flag++; if (rpm_check(release:"SUSE9", reference:"python-curses-2.3.3-88.24")) flag++; if (rpm_check(release:"SUSE9", reference:"python-demo-2.3.3-88.24")) flag++; if (rpm_check(release:"SUSE9", reference:"python-devel-2.3.3-88.24")) flag++; if (rpm_check(release:"SUSE9", reference:"python-doc-2.3.3-88.24")) flag++; if (rpm_check(release:"SUSE9", reference:"python-doc-pdf-2.3.3-88.24")) flag++; if (rpm_check(release:"SUSE9", reference:"python-gdbm-2.3.3-88.24")) flag++; if (rpm_check(release:"SUSE9", reference:"python-idle-2.3.3-88.24")) flag++; if (rpm_check(release:"SUSE9", reference:"python-mpz-2.3.3-88.24")) flag++; if (rpm_check(release:"SUSE9", reference:"python-tk-2.3.3-88.24")) flag++; if (rpm_check(release:"SUSE9", reference:"python-xml-2.3.3-88.24")) flag++; if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"python-32bit-9-200808010009")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0008_PYTHON.NASL description The remote NewStart CGSL host, running version MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. (CVE-2007-4965) - Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context- dependent attackers to defeat cryptographic digests, related to partial hashlib hashing of data exceeding 4GB. (CVE-2008-2316) - Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. (CVE-2008-5983) - Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context- dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. (CVE-2010-1634) - The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one- byte string, a different vulnerability than CVE-2010-1634. (CVE-2010-2089) - The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a last seen 2020-06-01 modified 2020-06-02 plugin id 127154 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127154 title NewStart CGSL MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0008) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from ZTE advisory NS-SA-2019-0008. The text # itself is copyright (C) ZTE, Inc. include("compat.inc"); if (description) { script_id(127154); script_version("1.3"); script_cvs_date("Date: 2019/09/24 11:01:33"); script_cve_id( "CVE-2007-4965", "CVE-2008-2316", "CVE-2008-5983", "CVE-2010-1634", "CVE-2010-2089", "CVE-2013-4238" ); script_name(english:"NewStart CGSL MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0008)"); script_set_attribute(attribute:"synopsis", value: "The remote machine is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote NewStart CGSL host, running version MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. (CVE-2007-4965) - Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context- dependent attackers to defeat cryptographic digests, related to partial hashlib hashing of data exceeding 4GB. (CVE-2008-2316) - Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. (CVE-2008-5983) - Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context- dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. (CVE-2010-1634) - The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one- byte string, a different vulnerability than CVE-2010-1634. (CVE-2010-2089) - The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in- the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. (CVE-2013-4238) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0008"); script_set_attribute(attribute:"solution", value: "Upgrade the vulnerable CGSL python packages. Note that updated packages may not be available yet. Please contact ZTE for more information."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-2316"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(189); script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/18"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"NewStart CGSL Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/ZTE-CGSL/release"); if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux"); if (release !~ "CGSL MAIN 5.04") audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04'); if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu); flag = 0; pkgs = { "CGSL MAIN 5.04": [ "python-2.7.5-58.el7.cgslv5.0.1.g6d96868", "python-debug-2.7.5-58.el7.cgslv5.0.1.g6d96868", "python-debuginfo-2.7.5-58.el7.cgslv5.0.1.g6d96868", "python-devel-2.7.5-58.el7.cgslv5.0.1.g6d96868", "python-libs-2.7.5-58.el7.cgslv5.0.1.g6d96868", "python-test-2.7.5-58.el7.cgslv5.0.1.g6d96868", "python-tools-2.7.5-58.el7.cgslv5.0.1.g6d96868", "tkinter-2.7.5-58.el7.cgslv5.0.1.g6d96868" ] }; pkg_list = pkgs[release]; foreach (pkg in pkg_list) if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python"); }NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-001.NASL description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm last seen 2020-06-01 modified 2020-06-02 plugin id 35684 published 2009-02-13 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35684 title Mac OS X Multiple Vulnerabilities (Security Update 2009-001) code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3004) exit(0); include("compat.inc"); if (description) { script_id(35684); script_version("1.32"); script_cvs_date("Date: 2018/07/16 12:48:31"); script_cve_id("CVE-2006-1861", "CVE-2006-3467", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667", "CVE-2007-4565", "CVE-2007-4965", "CVE-2008-1377", "CVE-2008-1379", "CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1806", "CVE-2008-1807", "CVE-2008-1808", "CVE-2008-1887", "CVE-2008-1927", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362", "CVE-2008-2379", "CVE-2008-2711", "CVE-2008-3142", "CVE-2008-3144", "CVE-2008-3663", "CVE-2008-4864", "CVE-2008-5031", "CVE-2008-5050", "CVE-2008-5183", "CVE-2008-5314", "CVE-2009-0009", "CVE-2009-0011", "CVE-2009-0012", "CVE-2009-0013", "CVE-2009-0014", "CVE-2009-0015", "CVE-2009-0017", "CVE-2009-0018", "CVE-2009-0019", "CVE-2009-0020", "CVE-2009-0137", "CVE-2009-0138", "CVE-2009-0139", "CVE-2009-0140", "CVE-2009-0141", "CVE-2009-0142"); script_bugtraq_id(25495, 25696, 28715, 28749, 28928, 29705, 30491, 31976, 32207, 32555, 33187, 33796, 33798, 33800, 33806, 33808, 33809, 33810, 33811, 33812, 33813, 33814, 33815, 33816, 33820, 33821); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-001)"); script_summary(english:"Check for the presence of Security Update 2009-001"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/ht3438" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" ); script_set_attribute( attribute:"solution", value: "Install Security Update 2009-001 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(20, 79, 119, 189, 255, 264, 287, 310, 362, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2009/02/13"); script_set_attribute(attribute:"patch_publication_date", value: "2009/02/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } # uname = get_kb_item("Host/uname"); if (!uname) exit(1, "The 'Host/uname' KB item is missing."); if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname)) { packages = get_kb_item("Host/MacOSX/packages"); if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing."); if (egrep(pattern:"^SecUpd(Srvr)?(2009-00[1-9]|20[1-9][0-9]-)", string:packages)) exit(0, "The host has Security Update 2009-001 or later installed and therefore is not affected."); else security_hole(0); } else if (egrep(pattern:"Darwin.* (9\.[0-6]\.)", string:uname)) { packages = get_kb_item("Host/MacOSX/packages/boms"); if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing."); if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[1-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages)) exit(0, "The host has Security Update 2009-001 or later installed and therefore is not affected."); else security_hole(0); } else exit(0, "The host is not affected.");NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2008-217-01.NASL description New python packages are available for Slackware 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 33824 published 2008-08-05 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33824 title Slackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2008-217-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(33824); script_version("1.18"); script_cvs_date("Date: 2019/10/25 13:36:21"); script_cve_id("CVE-2008-1679", "CVE-2008-1721", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3144"); script_bugtraq_id(28715, 30491); script_xref(name:"SSA", value:"2008-217-01"); script_name(english:"Slackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01)"); script_summary(english:"Checks for updated packages in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New python packages are available for Slackware 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?41912d97" ); script_set_attribute( attribute:"solution", value: "Update the affected python, python-demo and / or python-tools packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:python-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:python-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/04/10"); script_set_attribute(attribute:"patch_publication_date", value:"2008/08/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"10.1", pkgname:"python", pkgver:"2.4.5", pkgarch:"i486", pkgnum:"1_slack10.1")) flag++; if (slackware_check(osver:"10.1", pkgname:"python-demo", pkgver:"2.4.5", pkgarch:"noarch", pkgnum:"1_slack10.1")) flag++; if (slackware_check(osver:"10.1", pkgname:"python-tools", pkgver:"2.4.5", pkgarch:"noarch", pkgnum:"1_slack10.1")) flag++; if (slackware_check(osver:"10.2", pkgname:"python", pkgver:"2.4.5", pkgarch:"i486", pkgnum:"1_slack10.2")) flag++; if (slackware_check(osver:"10.2", pkgname:"python-demo", pkgver:"2.4.5", pkgarch:"noarch", pkgnum:"1_slack10.2")) flag++; if (slackware_check(osver:"10.2", pkgname:"python-tools", pkgver:"2.4.5", pkgarch:"noarch", pkgnum:"1_slack10.2")) flag++; if (slackware_check(osver:"11.0", pkgname:"python", pkgver:"2.4.5", pkgarch:"i486", pkgnum:"1_slack11.0")) flag++; if (slackware_check(osver:"12.0", pkgname:"python", pkgver:"2.5.2", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++; if (slackware_check(osver:"12.1", pkgname:"python", pkgver:"2.5.2", pkgarch:"i486", pkgnum:"2_slack12.1")) flag++; if (slackware_check(osver:"current", pkgname:"python", pkgver:"2.5.2", pkgarch:"i486", pkgnum:"2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200807-16.NASL description The remote host is affected by the vulnerability described in GLSA-200807-16 (Python: Multiple vulnerabilities) Multiple vulnerabilities were discovered in Python: David Remahl of Apple Product Security reported several integer overflows in core modules such as stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule (CVE-2008-2315). David Remahl of Apple Product Security also reported an integer overflow in the hashlib module, leading to unreliable cryptographic digest results (CVE-2008-2316). Justin Ferguson reported multiple buffer overflows in unicode string processing that only affect 32bit systems (CVE-2008-3142). The Google Security Team reported multiple integer overflows (CVE-2008-3143). Justin Ferguson reported multiple integer underflows and overflows in the PyOS_vsnprintf() function, and an off-by-one error when passing zero-length strings, leading to memory corruption (CVE-2008-3144). Impact : A remote attacker could exploit these vulnerabilities in Python applications or daemons that pass user-controlled input to vulnerable functions. Exploitation might lead to the execution of arbitrary code or a Denial of Service. Vulnerabilities within the hashlib might lead to weakened cryptographic protection of data integrity or authenticity. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 33782 published 2008-08-01 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33782 title GLSA-200807-16 : Python: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200807-16. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(33782); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"); script_xref(name:"GLSA", value:"200807-16"); script_name(english:"GLSA-200807-16 : Python: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200807-16 (Python: Multiple vulnerabilities) Multiple vulnerabilities were discovered in Python: David Remahl of Apple Product Security reported several integer overflows in core modules such as stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule (CVE-2008-2315). David Remahl of Apple Product Security also reported an integer overflow in the hashlib module, leading to unreliable cryptographic digest results (CVE-2008-2316). Justin Ferguson reported multiple buffer overflows in unicode string processing that only affect 32bit systems (CVE-2008-3142). The Google Security Team reported multiple integer overflows (CVE-2008-3143). Justin Ferguson reported multiple integer underflows and overflows in the PyOS_vsnprintf() function, and an off-by-one error when passing zero-length strings, leading to memory corruption (CVE-2008-3144). Impact : A remote attacker could exploit these vulnerabilities in Python applications or daemons that pass user-controlled input to vulnerable functions. Exploitation might lead to the execution of arbitrary code or a Denial of Service. Vulnerabilities within the hashlib might lead to weakened cryptographic protection of data integrity or authenticity. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200807-16" ); script_set_attribute( attribute:"solution", value: "All Python 2.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.4-r14' All Python 2.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/python-2.5.2-r6' Please note that Python 2.3 is masked since June 24, and we will not be releasing updates to it. It will be removed from the tree in the near future." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:python"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-lang/python", unaffected:make_list("rge 2.4.4-r14", "ge 2.5.2-r6", "rge 2.4.6"), vulnerable:make_list("lt 2.5.2-r6"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Python"); }NASL family SuSE Local Security Checks NASL id SUSE_11_0_PYTHON-080801.NASL description This update of python fixes several security vulnerabilities. (CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316) last seen 2020-06-01 modified 2020-06-02 plugin id 40115 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40115 title openSUSE Security Update : python (python-128) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update python-128. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(40115); script_version("1.12"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"); script_name(english:"openSUSE Security Update : python (python-128)"); script_summary(english:"Check for the python-128 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of python fixes several security vulnerabilities. (CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=377090" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=379121" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=379534" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=406051" ); script_set_attribute( attribute:"solution", value:"Update the affected python packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-curses"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-gdbm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-idle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-tk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xml"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"python-2.5.2-26.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"python-curses-2.5.2-26.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"python-demo-2.5.2-26.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"python-devel-2.5.2-26.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"python-gdbm-2.5.2-26.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"python-idle-2.5.2-26.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"python-tk-2.5.2-26.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"python-xml-2.5.2-26.2") ) flag++; if ( rpm_check(release:"SUSE11.0", cpu:"x86_64", reference:"python-32bit-2.5.2-26.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python"); }NASL family SuSE Local Security Checks NASL id SUSE_PYTHON-5491.NASL description This update of python fixes several security vulnerabilities. (CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316) last seen 2020-06-01 modified 2020-06-02 plugin id 33924 published 2008-08-17 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33924 title openSUSE 10 Security Update : python (python-5491) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update python-5491. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(33924); script_version ("1.10"); script_cvs_date("Date: 2019/10/25 13:36:33"); script_cve_id("CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"); script_name(english:"openSUSE 10 Security Update : python (python-5491)"); script_summary(english:"Check for the python-5491 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of python fixes several security vulnerabilities. (CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)" ); script_set_attribute( attribute:"solution", value:"Update the affected python packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-curses"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-gdbm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-idle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-tk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xml"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2008/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.2", reference:"python-2.5-19.10") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"python-curses-2.5-19.10") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"python-demo-2.5-19.10") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"python-devel-2.5-19.10") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"python-gdbm-2.5-19.10") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"python-idle-2.5-19.10") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"python-tk-2.5-19.10") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"python-xml-2.5-19.10") ) flag++; if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"python-32bit-2.5-19.10") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"python-2.5.1-39.6") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"python-curses-2.5.1-39.6") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"python-demo-2.5.1-39.6") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"python-devel-2.5.1-39.6") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"python-gdbm-2.5.1-39.6") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"python-idle-2.5.1-39.6") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"python-tk-2.5.1-39.6") ) flag++; if ( rpm_check(release:"SUSE10.3", reference:"python-xml-2.5.1-39.6") ) flag++; if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"python-32bit-2.5.1-39.6") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0234-1.NASL description This update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 133259 published 2020-01-27 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133259 title SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy) NASL family SuSE Local Security Checks NASL id SUSE_PYTHON-5490.NASL description This update of python fixes several security vulnerabilities. (CVE-2008-1679 / CVE-2008-1887 / CVE-2008-3143 / CVE-2008-3142 / CVE-2008-3144 / CVE-2008-2315 / CVE-2008-2316) Note: for SLE10 a non-security bug in mmap was fixed too. last seen 2020-06-01 modified 2020-06-02 plugin id 33923 published 2008-08-17 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/33923 title SuSE 10 Security Update : Python (ZYPP Patch Number 5490) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-163.NASL description Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows (CVE-2008-1679). This was due to an incomplete fix for CVE-2007-4965. David Remahl of Apple Product Security reported several integer overflows in a number of core modules (CVE-2008-2315). He also reported an integer overflow in the hashlib module on Python 2.5 that lead to unreliable cryptographic digest results (CVE-2008-2316). Justin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems (CVE-2008-3142). Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2 (CVE-2008-3143). Justin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption (CVE-2008-3144). The updated packages have been patched to correct these issues. As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have been updated to version 2.5.2. Due to slight packaging changes on Mandriva Linux 2007.1, a new package is available (tkinter-apps) that contains binary files (such as /usr/bin/idle) that were previously in the tkinter package. last seen 2020-06-01 modified 2020-06-02 plugin id 37212 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37212 title Mandriva Linux Security Advisory : python (MDVSA-2008:163) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1977.NASL description Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files. (CVE-2009-3560 CVE-2009-3720 ) This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. (CVE-2008-2316 ) It only affects the oldstable distribution (etch). last seen 2020-06-01 modified 2020-06-02 plugin id 44841 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44841 title Debian DSA-1977-1 : python2.4 python2.5 - several vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_0DCCAA287F3C11DD8DE50030843D3802.NASL description Secunia reports : Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Various integer overflow errors exist in core modules e.g. stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule. An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results. Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems. An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a last seen 2020-06-01 modified 2020-06-02 plugin id 34164 published 2008-09-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34164 title FreeBSD : python -- multiple vulnerabilities (0dccaa28-7f3c-11dd-8de5-0030843d3802) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-632-1.NASL description It was discovered that there were new integer overflows in the imageop module. If an attacker were able to trick a Python application into processing a specially crafted image, they could execute arbitrary code with user privileges. (CVE-2008-1679) Justin Ferguson discovered that the zlib module did not correctly handle certain archives. If an attacker were able to trick a Python application into processing a specially crafted archive file, they could execute arbitrary code with user privileges. (CVE-2008-1721) Justin Ferguson discovered that certain string manipulations in Python could be made to overflow. If an attacker were able to pass a specially crafted string through the PyString_FromStringAndSize function, they could execute arbitrary code with user privileges. (CVE-2008-1887) Multiple integer overflows were discovered in Python last seen 2020-06-01 modified 2020-06-02 plugin id 33807 published 2008-08-04 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33807 title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : python2.4, python2.5 vulnerabilities (USN-632-1)
Seebug
bulletinFamily exploit description BUGTRAQ ID: 30491 CVE ID:CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CNCVE ID:CNCVE-20082315 CNCVE-20082316 CNCVE-20083142 CNCVE-20083143 CNCVE-20083144 Python是一款开放源代码的脚本编程语言。 Python中存在多个整数溢出漏洞,远程攻击者可以利用漏洞对应用程序进行拒绝服务或者任意代码执行攻击。 1) stringobject、unicodeobject、bufferobject、longobject、tupleobject、stropmodule、gcmodule、mmapmodule等核心模块中存在各种整数溢出。 2) hashlib模块中的整数溢出可导致不可信的加密摘要结果。 3) 在处理unicode字符串时unicode_resize()中的整数溢出可能在32位系统上出现缓冲区溢出错误。以下是有漏洞的代码段: static int unicode_resize(register PyUnicodeObject *unicode, Py_ssize_t length) { [...] oldstr = unicode->str; PyMem_RESIZE(unicode->str, Py_UNICODE, length + 1); [...] unicode->str[length] = 0; unicode->length = length; #define PyMem_RESIZE(p, type, n) \ ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \ ( (p) = (type *) PyMem_REALLOC((p), (n) * sizeof(type)) ) ) 4) 在没有vsnprintf()函数的架构上,PyOS_vsnprintf()函数中存在整数溢出漏洞。以下是有漏洞的代码段: int PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va) { int len; /* # bytes written, excluding \0 */ [...] assert(str != NULL); assert(size > 0); assert(format != NULL); [...] /* Emulate it. */ buffer = PyMem_MALLOC(size + 512); if (buffer == NULL) { len = -666; goto Done; } len = vsprintf(buffer, format, va); if (len < 0) /* ignore the error */; else if ((size_t)len >= size + 512) Py_FatalError("Buffer overflow in PyOS_snprintf/PyOS_vsnprintf"); else { const size_t to_copy = (size_t)len < size ? (size_t)len : size - 1; assert(to_copy < size); memcpy(str, buffer, to_copy); str[to_copy] = '\0'; } PyMem_FREE(buffer); Done: [...] str[size-1] = '\0'; return len; } 5) 当0长度的字符串发送给PyOS_vsnprintf()函数,就可能触发整数溢出,导致内存破坏。以下是有漏洞的代码段: int PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va) { int len; /* # bytes written, excluding \0 */ #ifndef HAVE_SNPRINTF char *buffer; #endif assert(str != NULL); assert(size > 0); assert(format != NULL); [...] len = vsnprintf(str, size, format, va); [...] str[size-1] = '\0'; return len; } Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 lpia Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current Python Software Foundation Python 2.5.2 Python Software Foundation Python 2.5.1 Python Software Foundation Python 2.4.4 Python Software Foundation Python 2.4.3 + Trustix Secure Linux 3.0.5 Python Software Foundation Python 2.4.2 Python Software Foundation Python 2.4.1 Python Software Foundation Python 2.4 Python Software Foundation Python 2.3.6 Python Software Foundation Python 2.3.5 Python Software Foundation Python 2.3.4 + MandrakeSoft Linux Mandrake 10.1 x86_64 + MandrakeSoft Linux Mandrake 10.1 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Python Software Foundation Python 2.3.3 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 + MandrakeSoft Linux Mandrake 9.2 amd64 + MandrakeSoft Linux Mandrake 9.2 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 Python Software Foundation Python 2.3.2 Python Software Foundation Python 2.3.1 Python Software Foundation Python 2.3 b1 Python Software Foundation Python 2.3 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 Python Software Foundation Python 2.2.3 + RedHat Desktop 3.0 + RedHat Enterprise Linux AS 3 + RedHat Enterprise Linux ES 3 + RedHat Enterprise Linux WS 3 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Python Software Foundation Python 2.2.2 + OpenPKG OpenPKG 1.2 + RedHat Linux 7.3 + S.u.S.E. Linux Personal 8.2 Python Software Foundation Python 2.2.1 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Linux Mandrake 9.0 + OpenPKG OpenPKG 1.1 + S.u.S.E. Linux 8.1 Python Software Foundation Python 2.2 + Conectiva Linux 8.0 + MandrakeSoft Linux Mandrake 8.2 ppc + MandrakeSoft Linux Mandrake 8.2 + MandrakeSoft Linux Mandrake 8.1 ia64 + MandrakeSoft Linux Mandrake 8.1 Python Software Foundation Python 2.1.3 + Debian Linux 3.0 Python Software Foundation Python 2.1.2 Python Software Foundation Python 2.1.1 + RedHat Linux 7.2 + Sun Linux 5.0.7 Python Software Foundation Python 2.1 + Conectiva Linux 7.0 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Python Software Foundation Python 2.0.1 Python Software Foundation Python 2.0 + MandrakeSoft Linux Mandrake 8.0 ppc + MandrakeSoft Linux Mandrake 8.0 Python Software Foundation Python 2.5 Gentoo Linux Gentoo ------ Gentoo可参考如下安全公告获得相应补丁: <a href=http://security.gentoo.org/glsa/glsa-200807-16.xml target=_blank>http://security.gentoo.org/glsa/glsa-200807-16.xml</a> Python 2.4用户应升级到最新版本: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r14" Python 2.5用户应升级到最新版本: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/python-2.5.2-r6" Python已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://svn.python.org/view?rev=65335&view=rev target=_blank>http://svn.python.org/view?rev=65335&view=rev</a> id SSV:3800 last seen 2017-11-19 modified 2008-08-07 published 2008-08-07 reporter Root title Python存在多个缓冲区溢出漏洞 bulletinFamily exploit description BUGTRAQ ID: 30491 CVE(CAN) ID: CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3143,CVE-2008-3144 Python是一种开放源代码的脚本编程语言。 Python中存在多个整数溢出漏洞,可能允许恶意用户导致拒绝服务或入侵有漏洞的系统。 1) stringobject、unicodeobject、bufferobject、longobject、tupleobject、stropmodule、gcmodule、mmapmodule等核心模块中存在各种整数溢出。 2) hashlib模块中的整数溢出可能导致不可信任的加密摘要结果。 3) 在处理unicode字符串时unicode_resize()中的整数溢出可能在32位系统上导致错误的内存分配。以下是有漏洞的代码段: 174 static 175 int unicode_resize(register PyUnicodeObject *unicode, 176 Py_ssize_t length) 177 { [...] 201 202 oldstr = unicode->str; 203 PyMem_RESIZE(unicode->str, Py_UNICODE, length + 1); [...] 209 unicode->str[length] = 0; 210 unicode->length = length; 211 95 #define PyMem_RESIZE(p, type, n) \ 96 ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \ 97 ( (p) = (type *) PyMem_REALLOC((p), (n) * sizeof(type)) ) ) 4) 在不存在vsnprintf()函数的架构上,PyOS_vsnprintf()函数中存在整数溢出漏洞。以下是有漏洞的代码段: 53 int 54 PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va) 55 { 56 int len; /* # bytes written, excluding \0 */ [...] 60 assert(str != NULL); 61 assert(size > 0); 62 assert(format != NULL); 63 [...] 67 /* Emulate it. */ 68 buffer = PyMem_MALLOC(size + 512); 69 if (buffer == NULL) { 70 len = -666; 71 goto Done; 72 } 73 74 len = vsprintf(buffer, format, va); 75 if (len < 0) 76 /* ignore the error */; 77 78 else if ((size_t)len >= size + 512) 79 Py_FatalError("Buffer overflow in PyOS_snprintf/PyOS_vsnprintf"); 80 81 else { 82 const size_t to_copy = (size_t)len < size ? 83 (size_t)len : size - 1; 84 assert(to_copy < size); 85 memcpy(str, buffer, to_copy); 86 str[to_copy] = '\0'; 87 } 88 PyMem_FREE(buffer); 89 Done: [...] 91 str[size-1] = '\0'; 92 return len; 93 } 5) 如果向PyOS_vsnprintf()函数传送了0长度的字符串的话,就可能触发整数溢出,导致内存破坏。以下是有漏洞的代码段: 53 int 54 PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va) 55 { 56 int len; /* # bytes written, excluding \0 */ 57 #ifndef HAVE_SNPRINTF 58 char *buffer; 59 #endif 60 assert(str != NULL); 61 assert(size > 0); 62 assert(format != NULL); [...] 65 len = vsnprintf(str, size, format, va); [...] 91 str[size-1] = '\0'; 92 return len; 93 } python 2.5.x python 2.4.x 厂商补丁: Gentoo ------ Gentoo已经为此发布了一个安全公告(GLSA-200807-16)以及相应补丁: GLSA-200807-16:Python: Multiple vulnerabilities 链接:<a href=http://security.gentoo.org/glsa/glsa-200807-16.xml target=_blank>http://security.gentoo.org/glsa/glsa-200807-16.xml</a> 所有Python 2.4用户都应升级到最新版本: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/python-2.4.4-r14" 所有Python 2.5用户都应升级到最新版本: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/python-2.5.2-r6" Python ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://svn.python.org/view?rev=65335&view=rev target=_blank>http://svn.python.org/view?rev=65335&view=rev</a> id SSV:3787 last seen 2017-11-19 modified 2008-08-06 published 2008-08-06 reporter Root title Python多个整数溢出漏洞
Statements
| contributor | Tomas Hoger |
| lastmodified | 2008-08-04 |
| organization | Red Hat |
| statement | Not vulnerable. This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Affected module was only introduced upstream in python 2.5. |
References
- http://bugs.gentoo.org/attachment.cgi?id=159422&action=view
- http://bugs.gentoo.org/show_bug.cgi?id=230640
- http://security.gentoo.org/glsa/glsa-200807-16.xml
- http://secunia.com/advisories/31332
- http://www.ubuntu.com/usn/usn-632-1
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
- http://secunia.com/advisories/31365
- http://secunia.com/advisories/31305
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:163
- http://secunia.com/advisories/31518
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://secunia.com/advisories/31358
- http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900
- http://wiki.rpath.com/Advisories:rPSA-2008-0243
- http://www.securityfocus.com/bid/30491
- http://secunia.com/advisories/31687
- http://secunia.com/advisories/31473
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://secunia.com/advisories/33937
- http://support.apple.com/kb/HT3438
- http://www.vupen.com/english/advisories/2008/2288
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44174
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44173
- http://www.securityfocus.com/archive/1/495445/100/0/threaded