Vulnerabilities > CVE-2008-3144 - Numeric Errors vulnerability in Python Software Foundation Python

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
python-software-foundation
CWE-189
nessus

Summary

Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12215.NASL
    descriptionThis update of python fixes several security vulnerabilities. (CVE-2008-1679 / CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316) Note: for SLE10 a non-security bug in mmap was fixed too.
    last seen2020-06-01
    modified2020-06-02
    plugin id41229
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41229
    titleSuSE9 Security Update : Python (YOU Patch Number 12215)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41229);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144");
    
      script_name(english:"SuSE9 Security Update : Python (YOU Patch Number 12215)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of python fixes several security vulnerabilities.
    (CVE-2008-1679 / CVE-2008-1887, CVE-2008-3143, CVE-2008-3142,
    CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)
    
    Note: for SLE10 a non-security bug in mmap was fixed too."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1679.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1887.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2315.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2316.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-3142.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-3143.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-3144.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12215.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/08/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"python-2.3.3-88.24")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-curses-2.3.3-88.24")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-demo-2.3.3-88.24")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-devel-2.3.3-88.24")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-doc-2.3.3-88.24")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-doc-pdf-2.3.3-88.24")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-gdbm-2.3.3-88.24")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-idle-2.3.3-88.24")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-mpz-2.3.3-88.24")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-tk-2.3.3-88.24")) flag++;
    if (rpm_check(release:"SUSE9", reference:"python-xml-2.3.3-88.24")) flag++;
    if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"python-32bit-9-200808010009")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1176.NASL
    descriptionUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id40400
    published2009-07-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40400
    titleRHEL 5 : python (RHSA-2009:1176)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1176. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40400);
      script_version ("1.26");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2007-2052", "CVE-2007-4965", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031");
      script_bugtraq_id(25696, 28715, 28749, 30491, 31932, 31976, 33187);
      script_xref(name:"RHSA", value:"2009:1176");
    
      script_name(english:"RHEL 5 : python (RHSA-2009:1176)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated python packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Python is an interpreted, interactive, object-oriented programming
    language.
    
    When the assert() system call was disabled, an input sanitization flaw
    was revealed in the Python string object implementation that led to a
    buffer overflow. The missing check for negative size values meant the
    Python memory allocator could allocate less memory than expected. This
    could result in arbitrary code execution with the Python interpreter's
    privileges. (CVE-2008-1887)
    
    Multiple buffer and integer overflow flaws were found in the Python
    Unicode string processing and in the Python Unicode and string object
    implementations. An attacker could use these flaws to cause a denial
    of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)
    
    Multiple integer overflow flaws were found in the Python imageop
    module. If a Python application used the imageop module to process
    untrusted images, it could cause the application to disclose sensitive
    information, crash or, potentially, execute arbitrary code with the
    Python interpreter's privileges. (CVE-2007-4965, CVE-2008-4864)
    
    Multiple integer underflow and overflow flaws were found in the Python
    snprintf() wrapper implementation. An attacker could use these flaws
    to cause a denial of service (memory corruption). (CVE-2008-3144)
    
    Multiple integer overflow flaws were found in various Python modules.
    An attacker could use these flaws to cause a denial of service (Python
    application crash). (CVE-2008-2315, CVE-2008-3143)
    
    An integer signedness error, leading to a buffer overflow, was found
    in the Python zlib extension module. If a Python application requested
    the negative byte count be flushed for a decompression stream, it
    could cause the application to crash or, potentially, execute
    arbitrary code with the Python interpreter's privileges.
    (CVE-2008-1721)
    
    A flaw was discovered in the strxfrm() function of the Python locale
    module. Strings generated by this function were not properly
    NULL-terminated, which could possibly cause disclosure of data stored
    in the memory of a Python application using this function.
    (CVE-2007-2052)
    
    Red Hat would like to thank David Remahl of the Apple Product Security
    team for responsibly reporting the CVE-2008-2315 issue.
    
    All Python users should upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-2052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4965"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1887"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-2315"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3142"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3144"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-4864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-5031"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1176"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/07/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:1176";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"python-2.4.3-24.el5_3.6")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"python-2.4.3-24.el5_3.6")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"python-2.4.3-24.el5_3.6")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"python-devel-2.4.3-24.el5_3.6")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"python-tools-2.4.3-24.el5_3.6")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"python-tools-2.4.3-24.el5_3.6")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"python-tools-2.4.3-24.el5_3.6")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"tkinter-2.4.3-24.el5_3.6")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"tkinter-2.4.3-24.el5_3.6")) flag++;
    
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"tkinter-2.4.3-24.el5_3.6")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-devel / python-tools / tkinter");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1178.NASL
    descriptionUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id40402
    published2009-07-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40402
    titleRHEL 3 : python (RHSA-2009:1178)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1178. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40402);
      script_version ("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:14");
    
      script_cve_id("CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031");
      script_bugtraq_id(28715, 28749, 30491, 31932, 31976, 33187);
      script_xref(name:"RHSA", value:"2009:1178");
    
      script_name(english:"RHEL 3 : python (RHSA-2009:1178)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated python packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 3.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Python is an interpreted, interactive, object-oriented programming
    language.
    
    When the assert() system call was disabled, an input sanitization flaw
    was revealed in the Python string object implementation that led to a
    buffer overflow. The missing check for negative size values meant the
    Python memory allocator could allocate less memory than expected. This
    could result in arbitrary code execution with the Python interpreter's
    privileges. (CVE-2008-1887)
    
    Multiple buffer and integer overflow flaws were found in the Python
    Unicode string processing and in the Python Unicode and string object
    implementations. An attacker could use these flaws to cause a denial
    of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)
    
    Multiple integer overflow flaws were found in the Python imageop
    module. If a Python application used the imageop module to process
    untrusted images, it could cause the application to crash or,
    potentially, execute arbitrary code with the Python interpreter's
    privileges. (CVE-2008-1679, CVE-2008-4864)
    
    Multiple integer underflow and overflow flaws were found in the Python
    snprintf() wrapper implementation. An attacker could use these flaws
    to cause a denial of service (memory corruption). (CVE-2008-3144)
    
    Multiple integer overflow flaws were found in various Python modules.
    An attacker could use these flaws to cause a denial of service (Python
    application crash). (CVE-2008-2315, CVE-2008-3143)
    
    Red Hat would like to thank David Remahl of the Apple Product Security
    team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315
    issues.
    
    All Python users should upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1679"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1887"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-2315"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3142"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-3144"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-4864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-5031"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1178"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/04/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/07/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2009:1178";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"python-2.2.3-6.11")) flag++;
      if (rpm_check(release:"RHEL3", reference:"python-devel-2.2.3-6.11")) flag++;
      if (rpm_check(release:"RHEL3", reference:"python-tools-2.2.3-6.11")) flag++;
      if (rpm_check(release:"RHEL3", reference:"tkinter-2.2.3-6.11")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-devel / python-tools / tkinter");
      }
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1178.NASL
    descriptionUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id40394
    published2009-07-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40394
    titleCentOS 3 : python (CESA-2009:1178)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1178 and 
    # CentOS Errata and Security Advisory 2009:1178 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40394);
      script_version("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      script_cve_id("CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031");
      script_bugtraq_id(28715, 28749, 30491, 31932, 31976, 33187);
      script_xref(name:"RHSA", value:"2009:1178");
    
      script_name(english:"CentOS 3 : python (CESA-2009:1178)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated python packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 3.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Python is an interpreted, interactive, object-oriented programming
    language.
    
    When the assert() system call was disabled, an input sanitization flaw
    was revealed in the Python string object implementation that led to a
    buffer overflow. The missing check for negative size values meant the
    Python memory allocator could allocate less memory than expected. This
    could result in arbitrary code execution with the Python interpreter's
    privileges. (CVE-2008-1887)
    
    Multiple buffer and integer overflow flaws were found in the Python
    Unicode string processing and in the Python Unicode and string object
    implementations. An attacker could use these flaws to cause a denial
    of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)
    
    Multiple integer overflow flaws were found in the Python imageop
    module. If a Python application used the imageop module to process
    untrusted images, it could cause the application to crash or,
    potentially, execute arbitrary code with the Python interpreter's
    privileges. (CVE-2008-1679, CVE-2008-4864)
    
    Multiple integer underflow and overflow flaws were found in the Python
    snprintf() wrapper implementation. An attacker could use these flaws
    to cause a denial of service (memory corruption). (CVE-2008-3144)
    
    Multiple integer overflow flaws were found in various Python modules.
    An attacker could use these flaws to cause a denial of service (Python
    application crash). (CVE-2008-2315, CVE-2008-3143)
    
    Red Hat would like to thank David Remahl of the Apple Product Security
    team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315
    issues.
    
    All Python users should upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-July/016040.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fe2ccaf6"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-July/016041.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dfc5e7af"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/04/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/07/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"python-2.2.3-6.11")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"python-2.2.3-6.11")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"python-devel-2.2.3-6.11")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"python-devel-2.2.3-6.11")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"python-docs-2.2.3-6.11")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"python-docs-2.2.3-6.11")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"python-tools-2.2.3-6.11")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"python-tools-2.2.3-6.11")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"tkinter-2.2.3-6.11")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"tkinter-2.2.3-6.11")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-devel / python-docs / python-tools / tkinter");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2009-001.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm
    last seen2020-06-01
    modified2020-06-02
    plugin id35684
    published2009-02-13
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35684
    titleMac OS X Multiple Vulnerabilities (Security Update 2009-001)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3004) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35684);
      script_version("1.32");
      script_cvs_date("Date: 2018/07/16 12:48:31");
    
      script_cve_id("CVE-2006-1861", "CVE-2006-3467", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667",
                    "CVE-2007-4565", "CVE-2007-4965", "CVE-2008-1377", "CVE-2008-1379", "CVE-2008-1679",
                    "CVE-2008-1721", "CVE-2008-1806", "CVE-2008-1807", "CVE-2008-1808", "CVE-2008-1887",
                    "CVE-2008-1927", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-2360", "CVE-2008-2361",
                    "CVE-2008-2362", "CVE-2008-2379", "CVE-2008-2711", "CVE-2008-3142", "CVE-2008-3144",
                    "CVE-2008-3663", "CVE-2008-4864", "CVE-2008-5031", "CVE-2008-5050", "CVE-2008-5183",
                    "CVE-2008-5314", "CVE-2009-0009", "CVE-2009-0011", "CVE-2009-0012", "CVE-2009-0013",
                    "CVE-2009-0014", "CVE-2009-0015", "CVE-2009-0017", "CVE-2009-0018", "CVE-2009-0019",
                    "CVE-2009-0020", "CVE-2009-0137", "CVE-2009-0138", "CVE-2009-0139", "CVE-2009-0140",
                    "CVE-2009-0141", "CVE-2009-0142");
      script_bugtraq_id(25495, 25696, 28715, 28749, 28928, 29705, 30491, 31976, 32207, 32555,
                        33187, 33796, 33798, 33800, 33806, 33808, 33809, 33810, 33811, 33812,
                        33813, 33814, 33815, 33816, 33820, 33821);
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-001)");
      script_summary(english:"Check for the presence of Security Update 2009-001");
    
      script_set_attribute(  attribute:"synopsis",   value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues."  );
      script_set_attribute( attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.5 or 10.4 that
    does not have Security Update 2009-001 applied.
    
    This security update contains fixes for the following products :
    
      - AFP Server
      - Apple Pixlet Video
      - CarbonCore
      - CFNetwork
      - Certificate Assistant
      - ClamAV
      - CoreText
      - CUPS
      - DS Tools
      - fetchmail
      - Folder Manager
      - FSEvents
      - Network Time
      - perl
      - Printing
      - python
      - Remote Apple Events
      - Safari RSS
      - servermgrd
      - SMB
      - SquirrelMail
      - X11
      - XTerm"  );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/ht3438"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
      );
      script_set_attribute( attribute:"solution", value:
        "Install Security Update 2009-001 or later." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(20, 79, 119, 189, 255, 264, 287, 310, 362, 399);
      script_set_attribute(attribute:"plugin_publication_date", value: "2009/02/13");
      script_set_attribute(attribute:"patch_publication_date", value: "2009/02/12");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
      exit(0);
    }
    
    #
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
    
    if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing.");
    
      if (egrep(pattern:"^SecUpd(Srvr)?(2009-00[1-9]|20[1-9][0-9]-)", string:packages))
        exit(0, "The host has Security Update 2009-001 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    else if (egrep(pattern:"Darwin.* (9\.[0-6]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");
    
      if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[1-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages))
        exit(0, "The host has Security Update 2009-001 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1176.NASL
    descriptionUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id43771
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43771
    titleCentOS 5 : python (CESA-2009:1176)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1176 and 
    # CentOS Errata and Security Advisory 2009:1176 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(43771);
      script_version("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      script_cve_id("CVE-2007-2052", "CVE-2007-4965", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031");
      script_bugtraq_id(25696, 28715, 28749, 30491, 31932, 31976, 33187);
      script_xref(name:"RHSA", value:"2009:1176");
    
      script_name(english:"CentOS 5 : python (CESA-2009:1176)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated python packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Python is an interpreted, interactive, object-oriented programming
    language.
    
    When the assert() system call was disabled, an input sanitization flaw
    was revealed in the Python string object implementation that led to a
    buffer overflow. The missing check for negative size values meant the
    Python memory allocator could allocate less memory than expected. This
    could result in arbitrary code execution with the Python interpreter's
    privileges. (CVE-2008-1887)
    
    Multiple buffer and integer overflow flaws were found in the Python
    Unicode string processing and in the Python Unicode and string object
    implementations. An attacker could use these flaws to cause a denial
    of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)
    
    Multiple integer overflow flaws were found in the Python imageop
    module. If a Python application used the imageop module to process
    untrusted images, it could cause the application to disclose sensitive
    information, crash or, potentially, execute arbitrary code with the
    Python interpreter's privileges. (CVE-2007-4965, CVE-2008-4864)
    
    Multiple integer underflow and overflow flaws were found in the Python
    snprintf() wrapper implementation. An attacker could use these flaws
    to cause a denial of service (memory corruption). (CVE-2008-3144)
    
    Multiple integer overflow flaws were found in various Python modules.
    An attacker could use these flaws to cause a denial of service (Python
    application crash). (CVE-2008-2315, CVE-2008-3143)
    
    An integer signedness error, leading to a buffer overflow, was found
    in the Python zlib extension module. If a Python application requested
    the negative byte count be flushed for a decompression stream, it
    could cause the application to crash or, potentially, execute
    arbitrary code with the Python interpreter's privileges.
    (CVE-2008-1721)
    
    A flaw was discovered in the strxfrm() function of the Python locale
    module. Strings generated by this function were not properly
    NULL-terminated, which could possibly cause disclosure of data stored
    in the memory of a Python application using this function.
    (CVE-2007-2052)
    
    Red Hat would like to thank David Remahl of the Apple Product Security
    team for responsibly reporting the CVE-2008-2315 issue.
    
    All Python users should upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-July/016050.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c0d8b6fa"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-July/016051.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?35d535d9"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/07/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"python-2.4.3-24.el5_3.6")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"python-devel-2.4.3-24.el5_3.6")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"python-tools-2.4.3-24.el5_3.6")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"tkinter-2.4.3-24.el5_3.6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-devel / python-tools / tkinter");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2008-217-01.NASL
    descriptionNew python packages are available for Slackware 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id33824
    published2008-08-05
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33824
    titleSlackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2008-217-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33824);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:21");
    
      script_cve_id("CVE-2008-1679", "CVE-2008-1721", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3144");
      script_bugtraq_id(28715, 30491);
      script_xref(name:"SSA", value:"2008-217-01");
    
      script_name(english:"Slackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01)");
      script_summary(english:"Checks for updated packages in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New python packages are available for Slackware 10.1, 10.2, 11.0,
    12.0, 12.1, and -current to fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?41912d97"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected python, python-demo and / or python-tools
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:python-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:python-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/04/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/08/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"10.1", pkgname:"python", pkgver:"2.4.5", pkgarch:"i486", pkgnum:"1_slack10.1")) flag++;
    if (slackware_check(osver:"10.1", pkgname:"python-demo", pkgver:"2.4.5", pkgarch:"noarch", pkgnum:"1_slack10.1")) flag++;
    if (slackware_check(osver:"10.1", pkgname:"python-tools", pkgver:"2.4.5", pkgarch:"noarch", pkgnum:"1_slack10.1")) flag++;
    
    if (slackware_check(osver:"10.2", pkgname:"python", pkgver:"2.4.5", pkgarch:"i486", pkgnum:"1_slack10.2")) flag++;
    if (slackware_check(osver:"10.2", pkgname:"python-demo", pkgver:"2.4.5", pkgarch:"noarch", pkgnum:"1_slack10.2")) flag++;
    if (slackware_check(osver:"10.2", pkgname:"python-tools", pkgver:"2.4.5", pkgarch:"noarch", pkgnum:"1_slack10.2")) flag++;
    
    if (slackware_check(osver:"11.0", pkgname:"python", pkgver:"2.4.5", pkgarch:"i486", pkgnum:"1_slack11.0")) flag++;
    
    if (slackware_check(osver:"12.0", pkgname:"python", pkgver:"2.5.2", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++;
    
    if (slackware_check(osver:"12.1", pkgname:"python", pkgver:"2.5.2", pkgarch:"i486", pkgnum:"2_slack12.1")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"python", pkgver:"2.5.2", pkgarch:"i486", pkgnum:"2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090728_PYTHON_FOR_SL_3_0_X.NASL
    descriptionWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id60624
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60624
    titleScientific Linux Security Update : python for SL 3.0.x on i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60624);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:18");
    
      script_cve_id("CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031");
    
      script_name(english:"Scientific Linux Security Update : python for SL 3.0.x on i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "When the assert() system call was disabled, an input sanitization flaw
    was revealed in the Python string object implementation that led to a
    buffer overflow. The missing check for negative size values meant the
    Python memory allocator could allocate less memory than expected. This
    could result in arbitrary code execution with the Python interpreter's
    privileges. (CVE-2008-1887)
    
    Multiple buffer and integer overflow flaws were found in the Python
    Unicode string processing and in the Python Unicode and string object
    implementations. An attacker could use these flaws to cause a denial
    of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)
    
    Multiple integer overflow flaws were found in the Python imageop
    module. If a Python application used the imageop module to process
    untrusted images, it could cause the application to crash or,
    potentially, execute arbitrary code with the Python interpreter's
    privileges. (CVE-2008-1679, CVE-2008-4864)
    
    Multiple integer underflow and overflow flaws were found in the Python
    snprintf() wrapper implementation. An attacker could use these flaws
    to cause a denial of service (memory corruption). (CVE-2008-3144)
    
    Multiple integer overflow flaws were found in various Python modules.
    An attacker could use these flaws to cause a denial of service (Python
    application crash). (CVE-2008-2315, CVE-2008-3143)
    
    Would like to thank David Remahl of the Apple Product Security team
    for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0907&L=scientific-linux-errata&T=0&P=2408
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?492e1514"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/04/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL3", reference:"python-2.2.3-6.11")) flag++;
    if (rpm_check(release:"SL3", reference:"python-devel-2.2.3-6.11")) flag++;
    if (rpm_check(release:"SL3", cpu:"i386", reference:"python-docs-2.2.3-6.11")) flag++;
    if (rpm_check(release:"SL3", reference:"python-tools-2.2.3-6.11")) flag++;
    if (rpm_check(release:"SL3", reference:"tkinter-2.2.3-6.11")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1176.NASL
    descriptionFrom Red Hat Security Advisory 2009:1176 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id67896
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67896
    titleOracle Linux 5 : python (ELSA-2009-1176)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:1176 and 
    # Oracle Linux Security Advisory ELSA-2009-1176 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67896);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      script_cve_id("CVE-2007-2052", "CVE-2007-4965", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031");
      script_bugtraq_id(25696, 28715, 28749, 30491, 31932, 31976, 33187);
      script_xref(name:"RHSA", value:"2009:1176");
    
      script_name(english:"Oracle Linux 5 : python (ELSA-2009-1176)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:1176 :
    
    Updated python packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Python is an interpreted, interactive, object-oriented programming
    language.
    
    When the assert() system call was disabled, an input sanitization flaw
    was revealed in the Python string object implementation that led to a
    buffer overflow. The missing check for negative size values meant the
    Python memory allocator could allocate less memory than expected. This
    could result in arbitrary code execution with the Python interpreter's
    privileges. (CVE-2008-1887)
    
    Multiple buffer and integer overflow flaws were found in the Python
    Unicode string processing and in the Python Unicode and string object
    implementations. An attacker could use these flaws to cause a denial
    of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)
    
    Multiple integer overflow flaws were found in the Python imageop
    module. If a Python application used the imageop module to process
    untrusted images, it could cause the application to disclose sensitive
    information, crash or, potentially, execute arbitrary code with the
    Python interpreter's privileges. (CVE-2007-4965, CVE-2008-4864)
    
    Multiple integer underflow and overflow flaws were found in the Python
    snprintf() wrapper implementation. An attacker could use these flaws
    to cause a denial of service (memory corruption). (CVE-2008-3144)
    
    Multiple integer overflow flaws were found in various Python modules.
    An attacker could use these flaws to cause a denial of service (Python
    application crash). (CVE-2008-2315, CVE-2008-3143)
    
    An integer signedness error, leading to a buffer overflow, was found
    in the Python zlib extension module. If a Python application requested
    the negative byte count be flushed for a decompression stream, it
    could cause the application to crash or, potentially, execute
    arbitrary code with the Python interpreter's privileges.
    (CVE-2008-1721)
    
    A flaw was discovered in the strxfrm() function of the Python locale
    module. Strings generated by this function were not properly
    NULL-terminated, which could possibly cause disclosure of data stored
    in the memory of a Python application using this function.
    (CVE-2007-2052)
    
    Red Hat would like to thank David Remahl of the Apple Product Security
    team for responsibly reporting the CVE-2008-2315 issue.
    
    All Python users should upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-July/001090.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/07/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"python-2.4.3-24.el5_3.6")) flag++;
    if (rpm_check(release:"EL5", reference:"python-devel-2.4.3-24.el5_3.6")) flag++;
    if (rpm_check(release:"EL5", reference:"python-tools-2.4.3-24.el5_3.6")) flag++;
    if (rpm_check(release:"EL5", reference:"tkinter-2.4.3-24.el5_3.6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-devel / python-tools / tkinter");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200807-16.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200807-16 (Python: Multiple vulnerabilities) Multiple vulnerabilities were discovered in Python: David Remahl of Apple Product Security reported several integer overflows in core modules such as stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule (CVE-2008-2315). David Remahl of Apple Product Security also reported an integer overflow in the hashlib module, leading to unreliable cryptographic digest results (CVE-2008-2316). Justin Ferguson reported multiple buffer overflows in unicode string processing that only affect 32bit systems (CVE-2008-3142). The Google Security Team reported multiple integer overflows (CVE-2008-3143). Justin Ferguson reported multiple integer underflows and overflows in the PyOS_vsnprintf() function, and an off-by-one error when passing zero-length strings, leading to memory corruption (CVE-2008-3144). Impact : A remote attacker could exploit these vulnerabilities in Python applications or daemons that pass user-controlled input to vulnerable functions. Exploitation might lead to the execution of arbitrary code or a Denial of Service. Vulnerabilities within the hashlib might lead to weakened cryptographic protection of data integrity or authenticity. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id33782
    published2008-08-01
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33782
    titleGLSA-200807-16 : Python: Multiple vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200807-16.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33782);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      script_cve_id("CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144");
      script_xref(name:"GLSA", value:"200807-16");
    
      script_name(english:"GLSA-200807-16 : Python: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200807-16
    (Python: Multiple vulnerabilities)
    
        Multiple vulnerabilities were discovered in Python:
        David Remahl of Apple Product Security reported several integer
        overflows in core modules such as stringobject, unicodeobject,
        bufferobject, longobject, tupleobject, stropmodule, gcmodule,
        mmapmodule (CVE-2008-2315).
        David Remahl of Apple Product Security also reported an integer
        overflow in the hashlib module, leading to unreliable cryptographic
        digest results (CVE-2008-2316).
        Justin Ferguson reported multiple buffer overflows in unicode string
        processing that only affect 32bit systems (CVE-2008-3142).
        The Google Security Team reported multiple integer overflows
        (CVE-2008-3143).
        Justin Ferguson reported multiple integer underflows and overflows in
        the PyOS_vsnprintf() function, and an off-by-one error when passing
        zero-length strings, leading to memory corruption (CVE-2008-3144).
      
    Impact :
    
        A remote attacker could exploit these vulnerabilities in Python
        applications or daemons that pass user-controlled input to vulnerable
        functions. Exploitation might lead to the execution of arbitrary code
        or a Denial of Service. Vulnerabilities within the hashlib might lead
        to weakened cryptographic protection of data integrity or authenticity.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200807-16"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Python 2.4 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.4-r14'
        All Python 2.5 users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=dev-lang/python-2.5.2-r6'
        Please note that Python 2.3 is masked since June 24, and we will not be
        releasing updates to it. It will be removed from the tree in the near
        future."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-lang/python", unaffected:make_list("rge 2.4.4-r14", "ge 2.5.2-r6", "rge 2.4.6"), vulnerable:make_list("lt 2.5.2-r6"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Python");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1667.NASL
    descriptionSeveral vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-2315 David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule modules. - CVE-2008-3142 Justin Ferguson discovered that incorrect memory allocation in the unicode_resize() function can lead to buffer overflows. - CVE-2008-3143 Several integer overflows were discovered in various Python core modules. - CVE-2008-3144 Several integer overflows were discovered in the PyOS_vsnprintf() function.
    last seen2020-06-01
    modified2020-06-02
    plugin id34823
    published2008-11-21
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34823
    titleDebian DSA-1667-1 : python2.4 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1667. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34823);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144");
      script_xref(name:"DSA", value:"1667");
    
      script_name(english:"Debian DSA-1667-1 : python2.4 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the interpreter for
    the Python language. The Common Vulnerabilities and Exposures project
    identifies the following problems :
    
      - CVE-2008-2315
        David Remahl discovered several integer overflows in the
        stringobject, unicodeobject, bufferobject, longobject,
        tupleobject, stropmodule, gcmodule, and mmapmodule
        modules.
    
      - CVE-2008-3142
        Justin Ferguson discovered that incorrect memory
        allocation in the unicode_resize() function can lead to
        buffer overflows.
    
      - CVE-2008-3143
        Several integer overflows were discovered in various
        Python core modules.
    
      - CVE-2008-3144
        Several integer overflows were discovered in the
        PyOS_vsnprintf() function."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-2315"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3142"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-3144"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2008/dsa-1667"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the python2.4 packages.
    
    For the stable distribution (etch), these problems have been fixed in
    version 2.4.4-3+etch2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/11/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"idle-python2.4", reference:"2.4.4-3+etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"python2.4", reference:"2.4.4-3+etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"python2.4-dbg", reference:"2.4.4-3+etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"python2.4-dev", reference:"2.4.4-3+etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"python2.4-examples", reference:"2.4.4-3+etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"python2.4-minimal", reference:"2.4.4-3+etch2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090727_PYTHON_FOR_SL5_X.NASL
    descriptionWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id60622
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60622
    titleScientific Linux Security Update : python for SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_PYTHON-080801.NASL
    descriptionThis update of python fixes several security vulnerabilities. (CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)
    last seen2020-06-01
    modified2020-06-02
    plugin id40115
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40115
    titleopenSUSE Security Update : python (python-128)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_PYTHON-5491.NASL
    descriptionThis update of python fixes several security vulnerabilities. (CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)
    last seen2020-06-01
    modified2020-06-02
    plugin id33924
    published2008-08-17
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33924
    titleopenSUSE 10 Security Update : python (python-5491)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0234-1.NASL
    descriptionThis update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133259
    published2020-01-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133259
    titleSUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090728_PYTHON_FOR_SL_4_X.NASL
    descriptionWhen the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id60625
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60625
    titleScientific Linux Security Update : python for SL 4.x on i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1177.NASL
    descriptionUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id40401
    published2009-07-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40401
    titleRHEL 4 : python (RHSA-2009:1177)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0016.NASL
    descriptiona. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id42870
    published2009-11-23
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42870
    titleVMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL familySuSE Local Security Checks
    NASL idSUSE_PYTHON-5490.NASL
    descriptionThis update of python fixes several security vulnerabilities. (CVE-2008-1679 / CVE-2008-1887 / CVE-2008-3143 / CVE-2008-3142 / CVE-2008-3144 / CVE-2008-2315 / CVE-2008-2316) Note: for SLE10 a non-security bug in mmap was fixed too.
    last seen2020-06-01
    modified2020-06-02
    plugin id33923
    published2008-08-17
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33923
    titleSuSE 10 Security Update : Python (ZYPP Patch Number 5490)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-163.NASL
    descriptionMultiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows (CVE-2008-1679). This was due to an incomplete fix for CVE-2007-4965. David Remahl of Apple Product Security reported several integer overflows in a number of core modules (CVE-2008-2315). He also reported an integer overflow in the hashlib module on Python 2.5 that lead to unreliable cryptographic digest results (CVE-2008-2316). Justin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems (CVE-2008-3142). Multiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2 (CVE-2008-3143). Justin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption (CVE-2008-3144). The updated packages have been patched to correct these issues. As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have been updated to version 2.5.2. Due to slight packaging changes on Mandriva Linux 2007.1, a new package is available (tkinter-apps) that contains binary files (such as /usr/bin/idle) that were previously in the tkinter package.
    last seen2020-06-01
    modified2020-06-02
    plugin id37212
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37212
    titleMandriva Linux Security Advisory : python (MDVSA-2008:163)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1177.NASL
    descriptionFrom Red Hat Security Advisory 2009:1177 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id67897
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67897
    titleOracle Linux 4 : python (ELSA-2009-1177)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1178.NASL
    descriptionFrom Red Hat Security Advisory 2009:1178 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
    last seen2020-06-01
    modified2020-06-02
    plugin id67898
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67898
    titleOracle Linux 3 : python (ELSA-2009-1178)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0016_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen2020-06-01
    modified2020-06-02
    plugin id89117
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89117
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_0DCCAA287F3C11DD8DE50030843D3802.NASL
    descriptionSecunia reports : Some vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Various integer overflow errors exist in core modules e.g. stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule. An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results. Integer overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems. An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a
    last seen2020-06-01
    modified2020-06-02
    plugin id34164
    published2008-09-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34164
    titleFreeBSD : python -- multiple vulnerabilities (0dccaa28-7f3c-11dd-8de5-0030843d3802)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-632-1.NASL
    descriptionIt was discovered that there were new integer overflows in the imageop module. If an attacker were able to trick a Python application into processing a specially crafted image, they could execute arbitrary code with user privileges. (CVE-2008-1679) Justin Ferguson discovered that the zlib module did not correctly handle certain archives. If an attacker were able to trick a Python application into processing a specially crafted archive file, they could execute arbitrary code with user privileges. (CVE-2008-1721) Justin Ferguson discovered that certain string manipulations in Python could be made to overflow. If an attacker were able to pass a specially crafted string through the PyString_FromStringAndSize function, they could execute arbitrary code with user privileges. (CVE-2008-1887) Multiple integer overflows were discovered in Python
    last seen2020-06-01
    modified2020-06-02
    plugin id33807
    published2008-08-04
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33807
    titleUbuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : python2.4, python2.5 vulnerabilities (USN-632-1)

Oval

  • accepted2013-04-29T04:02:36.735-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionMultiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.
    familyunix
    idoval:org.mitre.oval:def:10170
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleMultiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.
    version27
  • accepted2014-01-20T04:01:36.453-05:00
    classvulnerability
    contributors
    • namePai Peng
      organizationHewlett-Packard
    • nameChris Coffin
      organizationThe MITRE Corporation
    definition_extensions
    • commentVMWare ESX Server 3.0.3 is installed
      ovaloval:org.mitre.oval:def:6026
    • commentVMware ESX Server 3.5.0 is installed
      ovaloval:org.mitre.oval:def:5887
    • commentVMware ESX Server 4.0 is installed
      ovaloval:org.mitre.oval:def:6293
    descriptionMultiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.
    familyunix
    idoval:org.mitre.oval:def:7725
    statusaccepted
    submitted2010-03-19T16:57:59.000-04:00
    titleVMware python multiple integer overflows vulnerability in the PyOS_vsnprintf function
    version7

Redhat

rpms
  • python-0:2.4.3-24.el5_3.6
  • python-debuginfo-0:2.4.3-24.el5_3.6
  • python-devel-0:2.4.3-24.el5_3.6
  • python-tools-0:2.4.3-24.el5_3.6
  • tkinter-0:2.4.3-24.el5_3.6
  • python-0:2.3.4-14.7.el4_8.2
  • python-debuginfo-0:2.3.4-14.7.el4_8.2
  • python-devel-0:2.3.4-14.7.el4_8.2
  • python-docs-0:2.3.4-14.7.el4_8.2
  • python-tools-0:2.3.4-14.7.el4_8.2
  • tkinter-0:2.3.4-14.7.el4_8.2
  • python-0:2.2.3-6.11
  • python-debuginfo-0:2.2.3-6.11
  • python-devel-0:2.2.3-6.11
  • python-tools-0:2.2.3-6.11
  • tkinter-0:2.2.3-6.11

Seebug

  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 30491 CVE ID:CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CNCVE ID:CNCVE-20082315 CNCVE-20082316 CNCVE-20083142 CNCVE-20083143 CNCVE-20083144 Python是一款开放源代码的脚本编程语言。 Python中存在多个整数溢出漏洞,远程攻击者可以利用漏洞对应用程序进行拒绝服务或者任意代码执行攻击。 1) stringobject、unicodeobject、bufferobject、longobject、tupleobject、stropmodule、gcmodule、mmapmodule等核心模块中存在各种整数溢出。 2) hashlib模块中的整数溢出可导致不可信的加密摘要结果。 3) 在处理unicode字符串时unicode_resize()中的整数溢出可能在32位系统上出现缓冲区溢出错误。以下是有漏洞的代码段: static int unicode_resize(register PyUnicodeObject *unicode, Py_ssize_t length) { [...] oldstr = unicode-&gt;str; PyMem_RESIZE(unicode-&gt;str, Py_UNICODE, length + 1); [...] unicode-&gt;str[length] = 0; unicode-&gt;length = length; #define PyMem_RESIZE(p, type, n) \ ( assert((n) &lt;= PY_SIZE_MAX / sizeof(type)) , \ ( (p) = (type *) PyMem_REALLOC((p), (n) * sizeof(type)) ) ) 4) 在没有vsnprintf()函数的架构上,PyOS_vsnprintf()函数中存在整数溢出漏洞。以下是有漏洞的代码段: int PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va) { int len; /* # bytes written, excluding \0 */ [...] assert(str != NULL); assert(size &gt; 0); assert(format != NULL); [...] /* Emulate it. */ buffer = PyMem_MALLOC(size + 512); if (buffer == NULL) { len = -666; goto Done; } len = vsprintf(buffer, format, va); if (len &lt; 0) /* ignore the error */; else if ((size_t)len &gt;= size + 512) Py_FatalError(&quot;Buffer overflow in PyOS_snprintf/PyOS_vsnprintf&quot;); else { const size_t to_copy = (size_t)len &lt; size ? (size_t)len : size - 1; assert(to_copy &lt; size); memcpy(str, buffer, to_copy); str[to_copy] = '\0'; } PyMem_FREE(buffer); Done: [...] str[size-1] = '\0'; return len; } 5) 当0长度的字符串发送给PyOS_vsnprintf()函数,就可能触发整数溢出,导致内存破坏。以下是有漏洞的代码段: int PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va) { int len; /* # bytes written, excluding \0 */ #ifndef HAVE_SNPRINTF char *buffer; #endif assert(str != NULL); assert(size &gt; 0); assert(format != NULL); [...] len = vsnprintf(str, size, format, va); [...] str[size-1] = '\0'; return len; } Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 lpia Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current Python Software Foundation Python 2.5.2 Python Software Foundation Python 2.5.1 Python Software Foundation Python 2.4.4 Python Software Foundation Python 2.4.3 + Trustix Secure Linux 3.0.5 Python Software Foundation Python 2.4.2 Python Software Foundation Python 2.4.1 Python Software Foundation Python 2.4 Python Software Foundation Python 2.3.6 Python Software Foundation Python 2.3.5 Python Software Foundation Python 2.3.4 + MandrakeSoft Linux Mandrake 10.1 x86_64 + MandrakeSoft Linux Mandrake 10.1 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Python Software Foundation Python 2.3.3 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 + MandrakeSoft Linux Mandrake 9.2 amd64 + MandrakeSoft Linux Mandrake 9.2 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 Python Software Foundation Python 2.3.2 Python Software Foundation Python 2.3.1 Python Software Foundation Python 2.3 b1 Python Software Foundation Python 2.3 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 Python Software Foundation Python 2.2.3 + RedHat Desktop 3.0 + RedHat Enterprise Linux AS 3 + RedHat Enterprise Linux ES 3 + RedHat Enterprise Linux WS 3 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Python Software Foundation Python 2.2.2 + OpenPKG OpenPKG 1.2 + RedHat Linux 7.3 + S.u.S.E. Linux Personal 8.2 Python Software Foundation Python 2.2.1 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Linux Mandrake 9.0 + OpenPKG OpenPKG 1.1 + S.u.S.E. Linux 8.1 Python Software Foundation Python 2.2 + Conectiva Linux 8.0 + MandrakeSoft Linux Mandrake 8.2 ppc + MandrakeSoft Linux Mandrake 8.2 + MandrakeSoft Linux Mandrake 8.1 ia64 + MandrakeSoft Linux Mandrake 8.1 Python Software Foundation Python 2.1.3 + Debian Linux 3.0 Python Software Foundation Python 2.1.2 Python Software Foundation Python 2.1.1 + RedHat Linux 7.2 + Sun Linux 5.0.7 Python Software Foundation Python 2.1 + Conectiva Linux 7.0 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Python Software Foundation Python 2.0.1 Python Software Foundation Python 2.0 + MandrakeSoft Linux Mandrake 8.0 ppc + MandrakeSoft Linux Mandrake 8.0 Python Software Foundation Python 2.5 Gentoo Linux Gentoo ------ Gentoo可参考如下安全公告获得相应补丁: <a href=http://security.gentoo.org/glsa/glsa-200807-16.xml target=_blank>http://security.gentoo.org/glsa/glsa-200807-16.xml</a> Python 2.4用户应升级到最新版本: # emerge --sync # emerge --ask --oneshot --verbose &quot;&gt;=dev-lang/python-2.4.4-r14&quot; Python 2.5用户应升级到最新版本: # emerge --sync # emerge --ask --oneshot --verbose &quot;&gt;=dev-lang/python-2.5.2-r6&quot; Python已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://svn.python.org/view?rev=65335&amp;view=rev target=_blank>http://svn.python.org/view?rev=65335&amp;view=rev</a>
    idSSV:3800
    last seen2017-11-19
    modified2008-08-07
    published2008-08-07
    reporterRoot
    titlePython存在多个缓冲区溢出漏洞
  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 30491 CVE(CAN) ID: CVE-2008-2315,CVE-2008-2316,CVE-2008-3142,CVE-2008-3143,CVE-2008-3144 Python是一种开放源代码的脚本编程语言。 Python中存在多个整数溢出漏洞,可能允许恶意用户导致拒绝服务或入侵有漏洞的系统。 1) stringobject、unicodeobject、bufferobject、longobject、tupleobject、stropmodule、gcmodule、mmapmodule等核心模块中存在各种整数溢出。 2) hashlib模块中的整数溢出可能导致不可信任的加密摘要结果。 3) 在处理unicode字符串时unicode_resize()中的整数溢出可能在32位系统上导致错误的内存分配。以下是有漏洞的代码段: 174 static 175 int unicode_resize(register PyUnicodeObject *unicode, 176 Py_ssize_t length) 177 { [...] 201 202 oldstr = unicode-&gt;str; 203 PyMem_RESIZE(unicode-&gt;str, Py_UNICODE, length + 1); [...] 209 unicode-&gt;str[length] = 0; 210 unicode-&gt;length = length; 211 95 #define PyMem_RESIZE(p, type, n) \ 96 ( assert((n) &lt;= PY_SIZE_MAX / sizeof(type)) , \ 97 ( (p) = (type *) PyMem_REALLOC((p), (n) * sizeof(type)) ) ) 4) 在不存在vsnprintf()函数的架构上,PyOS_vsnprintf()函数中存在整数溢出漏洞。以下是有漏洞的代码段: 53 int 54 PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va) 55 { 56 int len; /* # bytes written, excluding \0 */ [...] 60 assert(str != NULL); 61 assert(size &gt; 0); 62 assert(format != NULL); 63 [...] 67 /* Emulate it. */ 68 buffer = PyMem_MALLOC(size + 512); 69 if (buffer == NULL) { 70 len = -666; 71 goto Done; 72 } 73 74 len = vsprintf(buffer, format, va); 75 if (len &lt; 0) 76 /* ignore the error */; 77 78 else if ((size_t)len &gt;= size + 512) 79 Py_FatalError(&quot;Buffer overflow in PyOS_snprintf/PyOS_vsnprintf&quot;); 80 81 else { 82 const size_t to_copy = (size_t)len &lt; size ? 83 (size_t)len : size - 1; 84 assert(to_copy &lt; size); 85 memcpy(str, buffer, to_copy); 86 str[to_copy] = '\0'; 87 } 88 PyMem_FREE(buffer); 89 Done: [...] 91 str[size-1] = '\0'; 92 return len; 93 } 5) 如果向PyOS_vsnprintf()函数传送了0长度的字符串的话,就可能触发整数溢出,导致内存破坏。以下是有漏洞的代码段: 53 int 54 PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va) 55 { 56 int len; /* # bytes written, excluding \0 */ 57 #ifndef HAVE_SNPRINTF 58 char *buffer; 59 #endif 60 assert(str != NULL); 61 assert(size &gt; 0); 62 assert(format != NULL); [...] 65 len = vsnprintf(str, size, format, va); [...] 91 str[size-1] = '\0'; 92 return len; 93 } python 2.5.x python 2.4.x 厂商补丁: Gentoo ------ Gentoo已经为此发布了一个安全公告(GLSA-200807-16)以及相应补丁: GLSA-200807-16:Python: Multiple vulnerabilities 链接:<a href=http://security.gentoo.org/glsa/glsa-200807-16.xml target=_blank>http://security.gentoo.org/glsa/glsa-200807-16.xml</a> 所有Python 2.4用户都应升级到最新版本: # emerge --sync # emerge --ask --oneshot --verbose &quot;&gt;=dev-lang/python-2.4.4-r14&quot; 所有Python 2.5用户都应升级到最新版本: # emerge --sync # emerge --ask --oneshot --verbose &quot;&gt;=dev-lang/python-2.5.2-r6&quot; Python ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://svn.python.org/view?rev=65335&amp;view=rev target=_blank>http://svn.python.org/view?rev=65335&amp;view=rev</a>
    idSSV:3787
    last seen2017-11-19
    modified2008-08-06
    published2008-08-06
    reporterRoot
    titlePython多个整数溢出漏洞

References