CVE-2010-3493 - Race Condition vulnerability in Python 3.1/3.2
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

Summary
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions: This attack targets a race condition that occurs when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the accesses take place. The attacker can leverage a race condition by "running the race", modifying the resource and altering the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his own version, causing the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions: This attack targets a race condition occurring between the time of check (state) of a resource and the time of use of that resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he modifies the resource between the first time the target program accesses the file and the time the target program uses the file. During that period, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_LIBPYTHON2_6-1_0-101028.NASL
- description: The following issues have been fixed : - a race condition in the accept() implementation of smtpd.py could lead to a denial of service. (CVE-2010-3493) - integer overflows and insufficient size checks could crash the audioop module. (CVE-2010-2089 / CVE-2010-1634)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 51134
- published: 2010-12-12
- reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/51134
- title: SuSE 11 Security Update : Python (SAT Patch Number 3491)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(51134);
  script_version("1.7");
  script_cvs_date("Date: 2019/10/25 13:36:39");

  script_cve_id("CVE-2010-1634", "CVE-2010-2089", "CVE-2010-3493");

  script_name(english:"SuSE 11 Security Update : Python (SAT Patch Number 3491)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The following issues have been fixed : - a race condition in the accept() implementation of smtpd.py could lead to a denial of service. (CVE-2010-3493) - integer overflows and insufficient size checks could crash the audioop module. (CVE-2010-2089 / CVE-2010-1634)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=609759"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=609761"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=638233"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-1634.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2089.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3493.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 3491.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-base-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-curses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-gdbm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-idle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-tk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-xml");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/10/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");

flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"libpython2_6-1_0-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"python-2.6.0-8.9.6.2")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"python-base-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"python-curses-2.6.0-8.9.6.2")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"python-devel-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"python-xml-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libpython2_6-1_0-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"libpython2_6-1_0-32bit-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"python-2.6.0-8.9.6.2")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"python-base-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"python-base-32bit-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"python-curses-2.6.0-8.9.6.2")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"python-devel-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"python-xml-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"libpython2_6-1_0-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"python-2.6.0-8.9.6.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"python-base-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"python-curses-2.6.0-8.9.6.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"python-demo-2.6.0-8.9.6.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"python-gdbm-2.6.0-8.9.6.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"python-idle-2.6.0-8.9.6.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"python-tk-2.6.0-8.9.6.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"python-xml-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"libpython2_6-1_0-32bit-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"python-32bit-2.6.0-8.9.6.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"python-base-32bit-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"libpython2_6-1_0-32bit-2.6.0-8.8.6.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"python-32bit-2.6.0-8.9.6.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"python-base-32bit-2.6.0-8.8.6.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_PYTHON-7314.NASL
- description: With this update of Python : - a race condition in the accept() implementation of smtpd.py could lead to a denial of service. (CVE-2010-3493) - integer overflows and insufficient size checks could crash the audioop and rgbimg modules. (CVE-2010-2089 / CVE-2010-1634 / CVE-2009-4134 / CVE-2010-1449 / CVE-2010-1450)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 51642
- published: 2011-01-21
- reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/51642
- title: SuSE 10 Security Update : Python (ZYPP Patch Number 7314)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(51642);
  script_version ("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:43");

  script_cve_id("CVE-2009-4134", "CVE-2010-1449", "CVE-2010-1450", "CVE-2010-1634", "CVE-2010-2089", "CVE-2010-3493");

  script_name(english:"SuSE 10 Security Update : Python (ZYPP Patch Number 7314)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"With this update of Python : - a race condition in the accept() implementation of smtpd.py could lead to a denial of service. (CVE-2010-3493) - integer overflows and insufficient size checks could crash the audioop and rgbimg modules. (CVE-2010-2089 / CVE-2010-1634 / CVE-2009-4134 / CVE-2010-1449 / CVE-2010-1450)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-4134.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-1449.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-1450.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-1634.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-2089.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3493.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7314.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");

flag = 0;
if (rpm_check(release:"SLED10", sp:3, reference:"python-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"python-curses-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"python-devel-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"python-gdbm-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"python-tk-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"python-xml-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"python-32bit-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"python-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"python-curses-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"python-demo-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"python-devel-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"python-gdbm-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"python-idle-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"python-tk-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"python-xml-2.4.2-18.32.5")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"python-32bit-2.4.2-18.32.5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");
```
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2011-0491.NASL
- description: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 53820
- published: 2011-05-06
- reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/53820
- title: RHEL 4 : python (RHSA-2011:0491)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2011:0491. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(53820);
  script_version ("1.20");
  script_cvs_date("Date: 2019/10/25 13:36:16");

  script_cve_id("CVE-2009-3720", "CVE-2010-1634", "CVE-2010-2089", "CVE-2010-3493", "CVE-2011-1015", "CVE-2011-1521");
  script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);
  script_xref(name:"RHSA", value:"2011:0491");

  script_name(english:"RHEL 4 : python (RHSA-2011:0491)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the 'file://' URL type. This could allow a remote server to force a local Python application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed. (CVE-2011-1521) Multiple flaws were found in the Python audioop module. Supplying certain inputs could cause the audioop module to crash or, possibly, execute arbitrary code. (CVE-2010-1634, CVE-2010-2089) A race condition was found in the way the Python smtpd module handled new connections. A remote user could use this flaw to cause a Python script using the smtpd module to terminate. (CVE-2010-3493) An information disclosure flaw was found in the way the Python CGIHTTPServer module processed certain HTTP GET requests. A remote attacker could use a specially crafted request to obtain the CGI script's source code. (CVE-2011-1015) A buffer over-read flaw was found in the way the Python Expat parser handled malformed UTF-8 sequences when processing XML files. A specially crafted XML file could cause Python applications using the Python Expat parser to crash while parsing the file. (CVE-2009-3720) This update makes Python use the system Expat library rather than its own internal copy; therefore, users must have the version of Expat shipped with RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720 issue. All Python users should upgrade to these updated packages, which contain backported patches to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2009-3720"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1634"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-2089"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3493"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-1015"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-1521"
  );
  # https://rhn.redhat.com/errata/RHSA-2009-1625.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2009:1625"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2011:0491"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tkinter");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/05/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2011:0491";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL4", reference:"python-2.3.4-14.10.el4")) flag++;
  if (rpm_check(release:"RHEL4", reference:"python-devel-2.3.4-14.10.el4")) flag++;
  if (rpm_check(release:"RHEL4", reference:"python-docs-2.3.4-14.10.el4")) flag++;
  if (rpm_check(release:"RHEL4", reference:"python-tools-2.3.4-14.10.el4")) flag++;
  if (rpm_check(release:"RHEL4", reference:"tkinter-2.3.4-14.10.el4")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-devel / python-docs / python-tools / tkinter");
  }
}
```
- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-1596-1.NASL
- description: It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089) Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493) It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015) Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certain circumstances. This update adds the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 62436
- published: 2012-10-05
- reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/62436
- title: Ubuntu 10.04 LTS / 11.04 / 11.10 : python2.6 vulnerabilities (USN-1596-1)

- NASL family: Misc.
- NASL id: VMWARE_VMSA-2012-0001_REMOTE.NASL
- description: The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - COS kernel - cURL - python - rpm
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 89105
- published: 2016-03-03
- reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/89105
- title: VMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)

- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2011-0492.NASL
- description: From Red Hat Security Advisory 2011:0492 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 68271
- published: 2013-07-12
- reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/68271
- title: Oracle Linux 5 : python (ELSA-2011-0492)

- NASL family: Scientific Linux Local Security Checks
- NASL id: SL_20110505_PYTHON_ON_SL4_X.NASL
- description: A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 61033
- published: 2012-08-01
- reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/61033
- title: Scientific Linux Security Update : python on SL4.x, SL5.x i386/x86_64

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-1613-2.NASL
- description: USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089) Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493) It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015) Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 62620
- published: 2012-10-18
- reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/62620
- title: Ubuntu 8.04 LTS : python2.4 vulnerabilities (USN-1613-2)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_2_LIBPYTHON2_6-1_0-101028.NASL
- description: - a race condition in the accept() implementation of smtpd.py could lead to a denial of service (CVE-2010-3493). - integer overflows and insufficient size checks could crash the audioop module (CVE-2010-2089, CVE-2010-1634).
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 53756
- published: 2011-05-05
- reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/53756
- title: openSUSE Security Update : libpython2_6-1_0 (openSUSE-SU-2010:1049-1)

- NASL family: Scientific Linux Local Security Checks
- NASL id: SL_20110519_PYTHON_ON_SL6_X.NASL
- description: Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 61046
- published: 2012-08-01
- reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/61046
- title: Scientific Linux Security Update : python on SL6.x i386/x86_64

- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2011-0491.NASL
- description: From Red Hat Security Advisory 2011:0491 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 68270
- published: 2013-07-12
- reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/68270
- title: Oracle Linux 4 : python (ELSA-2011-0491)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_LIBPYTHON2_6-1_0-101109.NASL
- description: The following issues have been fixed : - a race condition in the accept() implementation of smtpd.py could lead to a denial of service. (CVE-2010-3493) - integer overflows and insufficient size checks could crash the audioop module. (CVE-2010-2089 / CVE-2010-1634)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 51623
- published: 2011-01-21
- reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/51623 title SuSE 11.1 Security Update : Python (SAT Patch Number 3493) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-216.NASL description Multiple vulnerabilities was discovered and corrected in python : The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections (CVE-2010-3492). Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492 (CVE-2010-3493). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50424 published 2010-11-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50424 title Mandriva Linux Security Advisory : python (MDVSA-2010:216) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2012-0001.NASL description a. ESX third-party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues. b. ESX third-party update for Service Console cURL RPM The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue. c. ESX third-party update for Service Console nspr and nss RPMs The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issues. A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses. d. ESX third-party update for Service Console rpm RPMs The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues. e. 
ESX third-party update for Service Console samba RPMs The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues. Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694. f. ESX third-party update for Service Console python package The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and CVE-2011-1521 to these issues. g. ESXi update to third-party component python The python third-party library is updated to python 2.5.6 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, and CVE-2011-1521 to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57749 published 2012-01-31 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57749 title VMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1613-1.NASL description It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. 
(CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089) Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493) It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015) Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. 
(CVE-2012-0876) Tim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 62619 published 2012-10-18 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62619 title Ubuntu 8.04 LTS : python2.5 vulnerabilities (USN-1613-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0492.NASL description Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the last seen 2020-06-01 modified 2020-06-02 plugin id 53821 published 2011-05-06 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/53821 title RHEL 5 : python (RHSA-2011:0492) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201401-04.NASL description The remote host is affected by the vulnerability described in GLSA-201401-04 (Python: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition or perform a man-in-the-middle attack to disclose sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 71811 published 2014-01-07 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71811 title GLSA-201401-04 : Python: Multiple vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1314-1.NASL description Giampaolo Rodola discovered that the smtpd module in Python 3 did not properly handle certain error conditions. A remote attacker could exploit this to cause a denial of service via daemon outage. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-3493) Niels Heinen discovered that the urllib module in Python 3 would process Location headers that specify a file:// URL. A remote attacker could use this to obtain sensitive information or cause a denial of service via resource consumption. (CVE-2011-1521). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 57345 published 2011-12-20 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/57345 title Ubuntu 10.04 LTS / 10.10 / 11.04 : python3.1, python3.2 vulnerabilities (USN-1314-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-215.NASL description Multiple vulnerabilities was discovered and corrected in python : Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference (CVE-2009-4134). Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12 (CVE-2010-1449). Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function (CVE-2010-1450). The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections (CVE-2010-3492). 
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492 (CVE-2010-3493). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 50423 published 2010-11-01 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50423 title Mandriva Linux Security Advisory : python (MDVSA-2010:215) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-0554.NASL description Updated python packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. 
This caused Python applications using these modules to follow any new URL that they understood, including the last seen 2020-06-01 modified 2020-06-02 plugin id 54592 published 2011-05-20 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/54592 title RHEL 6 : python (RHSA-2011:0554) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-0492.NASL description Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the last seen 2020-06-01 modified 2020-06-02 plugin id 53815 published 2011-05-06 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53815 title CentOS 5 : python (CESA-2011:0492) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-0491.NASL description Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 
Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the last seen 2020-06-01 modified 2020-06-02 plugin id 53814 published 2011-05-06 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53814 title CentOS 4 : python (CESA-2011:0491) NASL family SuSE Local Security Checks NASL id SUSE_11_3_LIBPYTHON2_6-1_0-101028.NASL description a race condition in the accept() implementation of smtpd.py could lead to a denial of service (CVE-2010-3493) last seen 2020-06-01 modified 2020-06-02 plugin id 75607 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75607 title openSUSE Security Update : libpython2_6-1_0 (openSUSE-SU-2010:1051-1)
Oval
accepted | 2013-11-14T10:21:28.623-05:00
class | vulnerability
contributors |
definition_extensions |
description | Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.
family | windows
id | oval:org.mitre.oval:def:12210
status | accepted
submitted | 2010-11-18T10:50:19
title | Vulnerability in smtpd module in Python 2.6, 2.7, 3.1 and 3.2 alpha
version | 85
Redhat
rpms |
References
- http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289
- http://www.openwall.com/lists/oss-security/2010/09/24/3
- http://www.openwall.com/lists/oss-security/2010/09/11/2
- http://www.openwall.com/lists/oss-security/2010/09/22/3
- https://bugzilla.redhat.com/show_bug.cgi?id=632200
- http://bugs.python.org/issue9129
- http://svn.python.org/view?view=rev&revision=84289
- https://bugs.launchpad.net/zodb/+bug/135108
- http://www.openwall.com/lists/oss-security/2010/09/09/6
- http://bugs.python.org/issue6706
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:216
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:215
- http://www.securityfocus.com/bid/44533
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
- http://www.vupen.com/english/advisories/2011/0212
- http://secunia.com/advisories/43068
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://www.ubuntu.com/usn/USN-1596-1
- http://www.ubuntu.com/usn/USN-1613-2
- http://www.ubuntu.com/usn/USN-1613-1
- http://secunia.com/advisories/51040
- http://secunia.com/advisories/50858
- http://secunia.com/advisories/51024
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210