CVE-2010-2089 - Out-of-bounds Write vulnerability in Python

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
python
CWE-787
nessus
exploit available

Summary

The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.

Common Weakness Enumeration (CWE)

Exploit-Db

description: Python 3.2 'audioop' Module Memory Corruption Vulnerability. CVE-2010-2089. Dos exploit for unix platform
id: EDB-ID:34145
last seen: 2016-02-03
modified: 2010-06-14
published: 2010-06-14
reporter: haypo
source: https://www.exploit-db.com/download/34145/
title: Python <= 3.2 - 'audioop' Module Memory Corruption Vulnerability

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_LIBPYTHON2_6-1_0-101028.NASL
    description: The following issues have been fixed : - a race condition in the accept() implementation of smtpd.py could lead to a denial of service. (CVE-2010-3493) - integer overflows and insufficient size checks could crash the audioop module. (CVE-2010-2089 / CVE-2010-1634)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51134
    published: 2010-12-12
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/51134
    title: SuSE 11 Security Update : Python (SAT Patch Number 3491)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51134);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:39");
    
      script_cve_id("CVE-2010-1634", "CVE-2010-2089", "CVE-2010-3493");
    
      script_name(english:"SuSE 11 Security Update : Python (SAT Patch Number 3491)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following issues have been fixed :
    
      - a race condition in the accept() implementation of
        smtpd.py could lead to a denial of service.
        (CVE-2010-3493)
    
      - integer overflows and insufficient size checks could
        crash the audioop module. (CVE-2010-2089 /
        CVE-2010-1634)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=609759"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=609761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=638233"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-1634.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2089.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-3493.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 3491.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-base-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-gdbm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-idle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-tk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-xml");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/10/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"libpython2_6-1_0-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"python-2.6.0-8.9.6.2")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"python-base-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"python-curses-2.6.0-8.9.6.2")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"python-devel-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"python-xml-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libpython2_6-1_0-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libpython2_6-1_0-32bit-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"python-2.6.0-8.9.6.2")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"python-base-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"python-base-32bit-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"python-curses-2.6.0-8.9.6.2")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"python-devel-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"python-xml-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"libpython2_6-1_0-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"python-2.6.0-8.9.6.2")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"python-base-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"python-curses-2.6.0-8.9.6.2")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"python-demo-2.6.0-8.9.6.2")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"python-gdbm-2.6.0-8.9.6.2")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"python-idle-2.6.0-8.9.6.2")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"python-tk-2.6.0-8.9.6.2")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"python-xml-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"libpython2_6-1_0-32bit-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"python-32bit-2.6.0-8.9.6.2")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"python-base-32bit-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"libpython2_6-1_0-32bit-2.6.0-8.8.6.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"python-32bit-2.6.0-8.9.6.2")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"python-base-32bit-2.6.0-8.8.6.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_PYTHON-7314.NASL
    description: With this update of Python : - a race condition in the accept() implementation of smtpd.py could lead to a denial of service. (CVE-2010-3493) - integer overflows and insufficient size checks could crash the audioop and rgbimg modules. (CVE-2010-2089 / CVE-2010-1634 / CVE-2009-4134 / CVE-2010-1449 / CVE-2010-1450)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51642
    published: 2011-01-21
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/51642
    title: SuSE 10 Security Update : Python (ZYPP Patch Number 7314)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51642);
      script_version ("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:43");
    
      script_cve_id("CVE-2009-4134", "CVE-2010-1449", "CVE-2010-1450", "CVE-2010-1634", "CVE-2010-2089", "CVE-2010-3493");
    
      script_name(english:"SuSE 10 Security Update : Python (ZYPP Patch Number 7314)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "With this update of Python :
    
      - a race condition in the accept() implementation of
        smtpd.py could lead to a denial of service.
        (CVE-2010-3493)
    
      - integer overflows and insufficient size checks could
        crash the audioop and rgbimg modules. (CVE-2010-2089 /
        CVE-2010-1634 / CVE-2009-4134 / CVE-2010-1449 /
        CVE-2010-1450)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-4134.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-1449.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-1450.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-1634.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-2089.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-3493.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7314.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:3, reference:"python-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLED10", sp:3, reference:"python-curses-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLED10", sp:3, reference:"python-devel-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLED10", sp:3, reference:"python-gdbm-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLED10", sp:3, reference:"python-tk-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLED10", sp:3, reference:"python-xml-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"python-32bit-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"python-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"python-curses-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"python-demo-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"python-devel-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"python-gdbm-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"python-idle-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"python-tk-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"python-xml-2.4.2-18.32.5")) flag++;
    if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"python-32bit-2.4.2-18.32.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2011-0491.NASL
    description: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 53820
    published: 2011-05-06
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/53820
    title: RHEL 4 : python (RHSA-2011:0491)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2011:0491. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53820);
      script_version ("1.20");
      script_cvs_date("Date: 2019/10/25 13:36:16");
    
      script_cve_id("CVE-2009-3720", "CVE-2010-1634", "CVE-2010-2089", "CVE-2010-3493", "CVE-2011-1015", "CVE-2011-1521");
      script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);
      script_xref(name:"RHSA", value:"2011:0491");
    
      script_name(english:"RHEL 4 : python (RHSA-2011:0491)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated python packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 4.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Python is an interpreted, interactive, object-oriented programming
    language.
    
    A flaw was found in the Python urllib and urllib2 libraries where they
    would not differentiate between different target URLs when handling
    automatic redirects. This caused Python applications using these
    modules to follow any new URL that they understood, including the
    'file://' URL type. This could allow a remote server to force a local
    Python application to read a local file instead of the remote one,
    possibly exposing local files that were not meant to be exposed.
    (CVE-2011-1521)
    
    Multiple flaws were found in the Python audioop module. Supplying
    certain inputs could cause the audioop module to crash or, possibly,
    execute arbitrary code. (CVE-2010-1634, CVE-2010-2089)
    
    A race condition was found in the way the Python smtpd module handled
    new connections. A remote user could use this flaw to cause a Python
    script using the smtpd module to terminate. (CVE-2010-3493)
    
    An information disclosure flaw was found in the way the Python
    CGIHTTPServer module processed certain HTTP GET requests. A remote
    attacker could use a specially crafted request to obtain the CGI
    script's source code. (CVE-2011-1015)
    
    A buffer over-read flaw was found in the way the Python Expat parser
    handled malformed UTF-8 sequences when processing XML files. A
    specially crafted XML file could cause Python applications using the
    Python Expat parser to crash while parsing the file. (CVE-2009-3720)
    
    This update makes Python use the system Expat library rather than its
    own internal copy; therefore, users must have the version of Expat
    shipped with RHSA-2009:1625 installed, or a later version, to resolve
    the CVE-2009-3720 issue.
    
    All Python users should upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3720"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-1634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2089"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-3493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-1015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-1521"
      );
      # https://rhn.redhat.com/errata/RHSA-2009-1625.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1625"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2011:0491"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/05/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2011:0491";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"python-2.3.4-14.10.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"python-devel-2.3.4-14.10.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"python-docs-2.3.4-14.10.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"python-tools-2.3.4-14.10.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"tkinter-2.3.4-14.10.el4")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-devel / python-docs / python-tools / tkinter");
      }
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1596-1.NASL
    description: It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089) Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493) It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015) Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certain circumstances. This update adds the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62436
    published: 2012-10-05
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/62436
    title: Ubuntu 10.04 LTS / 11.04 / 11.10 : python2.6 vulnerabilities (USN-1596-1)
  • NASL family: Misc.
    NASL id: VMWARE_VMSA-2012-0001_REMOTE.NASL
    description: The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - COS kernel - cURL - python - rpm
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 89105
    published: 2016-03-03
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/89105
    title: VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-9565.NASL
    description: - Fri Jun 4 2010 David Malcolm <dmalcolm at redhat.com> - 2.6.2-8 - ensure that the compiler is invoked with
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47600
    published: 2010-07-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47600
    title: Fedora 12 : python-2.6.2-8.fc12 (2010-9565)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20110505_PYTHON_ON_SL4_X.NASL
    description: A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61033
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/61033
    title: Scientific Linux Security Update : python on SL4.x, SL5.x i386/x86_64
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1613-2.NASL
    description: USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089) Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493) It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015) Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62620
    published: 2012-10-18
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/62620
    title: Ubuntu 8.04 LTS : python2.4 vulnerabilities (USN-1613-2)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-9652.NASL
    description - Fri Jun 4 2010 David Malcolm <dmalcolm at redhat.com> - 2.6.4-27 - ensure that the compiler is invoked with
    last seen2020-06-01
    modified2020-06-02
    plugin id47547
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47547
    titleFedora 13 : python-2.6.4-27.fc13 (2010-9652)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_LIBPYTHON2_6-1_0-101028.NASL
    description - a race condition in the accept() implementation of smtpd.py could lead to a denial of service (CVE-2010-3493). - integer overflows and insufficient size checks could crash the audioop module (CVE-2010-2089, CVE-2010-1634).
    last seen2020-06-01
    modified2020-06-02
    plugin id53756
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53756
    titleopenSUSE Security Update : libpython2_6-1_0 (openSUSE-SU-2010:1049-1)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_0_BUILD_608089_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.0 host is affected by multiple vulnerabilities : - A denial of service vulnerability exists in the big2_toUtf8() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application. (CVE-2009-3560) - A denial of service vulnerability exists in the updatePosition() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application. (CVE-2009-3720) - An integer overflow condition exists in the BZ2_decompress() function in file decompress.c in the bzip2 and libbzip2 library. A remote attacker can exploit this, via a crafted compressed file, to cause a denial of service or the execution of arbitrary code. (CVE-2010-0405) - A denial of service vulnerability exists in the audioop module due to multiple integer overflows conditions in file audioop.c. A remote attacker can exploit this, via a large fragment or argument, to cause a buffer overflow, resulting in an application crash. (CVE-2010-1634) - A denial of service vulnerability exists in the audioop module due to a failure to verify the relationships between size arguments and byte string length. A remote attacker can exploit this, via crafted arguments, to cause memory corruption, resulting in an application crash. (CVE-2010-2089) - A flaw exists in the urllib and urllib2 modules due to processing Location headers that specify redirection to a file. A remote attacker can exploit this, via a crafted URL, to gain sensitive information or cause a denial of service. (CVE-2011-1521) - A privilege escalation vulnerability exists due to an incorrect ACL being used for the VMware Tools folder. 
An attacker on an adjacent network with access to a guest operating system can exploit this to gain elevated privileges on the guest operating system. (CVE-2012-1518)
    last seen2020-06-01
    modified2020-06-02
    plugin id70881
    published2013-11-13
    reporterThis script is (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70881
    titleESXi 5.0 < Build 608089 Multiple Vulnerabilities (remote check)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0008_PYTHON.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. (CVE-2007-4965) - Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to partial hashlib hashing of data exceeding 4GB. (CVE-2008-2316) - Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. (CVE-2008-5983) - Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. (CVE-2010-1634) - The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
(CVE-2010-2089) - The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id127154
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127154
    titleNewStart CGSL MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0008)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_7_2.NASL
    descriptionThe remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.2. This version contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreMedia - CoreProcesses - CoreStorage - File Systems - iChat Server - Kernel - libsecurity - Open Directory - PHP - python - QuickTime - SMB File Server - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id56480
    published2011-10-13
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56480
    titleMac OS X 10.7.x < 10.7.2 Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0491.NASL
    descriptionFrom Red Hat Security Advisory 2011:0491 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
    last seen2020-06-01
    modified2020-06-02
    plugin id68270
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68270
    titleOracle Linux 4 : python (ELSA-2011-0491)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-13388.NASL
    description - Backport from F14: - Fix for lone surrogates, utf8 and certain encode error handlers. - Fix an incompatibility between pyexpat and the system expat-2.0.1 that led to a segfault running test_pyexpat.py (patch 110; upstream issue 9054; rhbz#610312) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49107
    published2010-09-04
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49107
    titleFedora 13 : python3-3.1.2-7.fc13 (2010-13388)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBPYTHON2_6-1_0-101109.NASL
    descriptionThe following issues have been fixed : - a race condition in the accept() implementation of smtpd.py could lead to a denial of service. (CVE-2010-3493) - integer overflows and insufficient size checks could crash the audioop module. (CVE-2010-2089 / CVE-2010-1634)
    last seen2020-06-01
    modified2020-06-02
    plugin id51623
    published2011-01-21
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51623
    titleSuSE 11.1 Security Update : Python (SAT Patch Number 3493)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2012-0001.NASL
    descriptiona. ESX third-party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues. b. ESX third-party update for Service Console cURL RPM The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue. c. ESX third-party update for Service Console nspr and nss RPMs The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issue. A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses. d. ESX third-party update for Service Console rpm RPMs The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues. e. ESX third-party update for Service Console samba RPMs The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues. Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694. f. ESX third-party update for Service Console python package The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and CVE-2011-1521 to these issues. g. ESXi update to third-party component python The python third-party library is updated to python 2.5.6 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, and CVE-2011-1521 to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57749
    published2012-01-31
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57749
    titleVMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1613-1.NASL
    descriptionIt was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089) Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493) It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015) Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. 
If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62619
    published2012-10-18
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62619
    titleUbuntu 8.04 LTS : python2.5 vulnerabilities (USN-1613-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-132.NASL
    descriptionMultiple vulnerabilities have been found and corrected in python : Multiple integer overflows in audioop.c in the audioop module in Python allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5 (CVE-2010-1634). The audioop module in Python does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634 (CVE-2010-2089). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id48191
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48191
    titleMandriva Linux Security Advisory : python (MDVSA-2010:132)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1616-1.NASL
    descriptionIt was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. These issues only affected Ubuntu 10.04 LTS. (CVE-2010-1634, CVE-2010-2089) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certain circumstances. This update adds the
    last seen2020-06-01
    modified2020-06-02
    plugin id62700
    published2012-10-25
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62700
    titleUbuntu 10.04 LTS / 11.04 : python3.1 vulnerabilities (USN-1616-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0027.NASL
    descriptionUpdated python packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to the module search path (sys.path). A local attacker able to trick a victim into running such an application in an attacker-controlled directory could use this flaw to execute code with the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id51524
    published2011-01-14
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51524
    titleRHEL 5 : python (RHSA-2011:0027)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201401-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201401-04 (Python: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition or perform a man-in-the-middle attack to disclose sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id71811
    published2014-01-07
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71811
    titleGLSA-201401-04 : Python: Multiple vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2011-006.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreFoundation - CoreMedia - File Systems - IOGraphics - iChat Server - Mailman - MediaKit - PHP - postfix - python - QuickTime - Tomcat - User Documentation - Web Server - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id56481
    published2011-10-13
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56481
    titleMac OS X Multiple Vulnerabilities (Security Update 2011-006)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110113_PYTHON_ON_SL5_X.NASL
    descriptionIt was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to the module search path (sys.path). A local attacker able to trick a victim into running such an application in an attacker-controlled directory could use this flaw to execute code with the victim
    last seen2020-06-01
    modified2020-06-02
    plugin id60935
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60935
    titleScientific Linux Security Update : python on SL5.x i386/x86_64
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-0491.NASL
    descriptionUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
    last seen2020-06-01
    modified2020-06-02
    plugin id53814
    published2011-05-06
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53814
    titleCentOS 4 : python (CESA-2011:0491)

Redhat

advisories
bugzilla
id644761
titlepython-libs conflict on ia64 compatlayer
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentpython-devel is earlier than 0:2.4.3-43.el5
          ovaloval:com.redhat.rhsa:tst:20110027001
        • commentpython-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20091176004
      • AND
        • commentpython-libs is earlier than 0:2.4.3-43.el5
          ovaloval:com.redhat.rhsa:tst:20110027003
        • commentpython-libs is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20110027004
      • AND
        • commentpython-tools is earlier than 0:2.4.3-43.el5
          ovaloval:com.redhat.rhsa:tst:20110027005
        • commentpython-tools is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20091176002
      • AND
        • commenttkinter is earlier than 0:2.4.3-43.el5
          ovaloval:com.redhat.rhsa:tst:20110027007
        • commenttkinter is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20091176008
      • AND
        • commentpython is earlier than 0:2.4.3-43.el5
          ovaloval:com.redhat.rhsa:tst:20110027009
        • commentpython is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20091176006
rhsa
idRHSA-2011:0027
released2011-01-13
severityLow
titleRHSA-2011:0027: python security, bug fix, and enhancement update (Low)
rpms
  • python-0:2.4.3-43.el5
  • python-debuginfo-0:2.4.3-43.el5
  • python-devel-0:2.4.3-43.el5
  • python-libs-0:2.4.3-43.el5
  • python-tools-0:2.4.3-43.el5
  • tkinter-0:2.4.3-43.el5
  • python-0:2.3.4-14.10.el4
  • python-debuginfo-0:2.3.4-14.10.el4
  • python-devel-0:2.3.4-14.10.el4
  • python-docs-0:2.3.4-14.10.el4
  • python-tools-0:2.3.4-14.10.el4
  • tkinter-0:2.3.4-14.10.el4

Seebug

bulletinFamilyexploit
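descriptionCVE ID: CVE-2010-2089 Python is an open-source scripting language. Most functions in Python's audioop module take a byte string (the audio data) and a size argument (the number of bytes per sample) directly as input, but do not check that the length of the byte string is an integer multiple of size. If a user reads crafted arguments from an audio file, read and write access to uninitialized memory may be performed, and the application may crash. Python Software Foundation Python 3.2 Python Software Foundation Python 2.7 Vendor patch: Python Software Foundation -------------------------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: http://bugs.python.org/file15823/audioop_check_length.patch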
idSSV:19709
last seen2017-11-19
modified2010-05-31
published2010-05-31
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-19709
titlePython audioop Module Remote Denial of Service Vulnerability