Vulnerabilities > CVE-2011-1521 - Resource Management Errors vulnerability in Python

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
python
CWE-399
nessus

Summary

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_PYTHON-7506.NASL
    descriptionThis update of python fixes a possible denial of service bug or information leakage vulnerability while using user-crafted ftp:// or file:// URLs with urllib(2). CVE-2011-1521: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
    last seen2020-06-01
    modified2020-06-02
    plugin id57248
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57248
    titleSuSE 10 Security Update : python (ZYPP Patch Number 7506)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57248);
      script_version ("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:43");
    
      script_cve_id("CVE-2011-1521");
    
      script_name(english:"SuSE 10 Security Update : python (ZYPP Patch Number 7506)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of python fixes a possible denial of service bug or
    information leakage vulnerability while using user-crafted ftp:// or
    file:// URLs with urllib(2).
    
    CVE-2011-1521: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-1521.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7506.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/05/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"python-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"python-curses-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"python-devel-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"python-gdbm-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"python-tk-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, reference:"python-xml-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"python-32bit-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"python-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"python-curses-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"python-demo-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"python-devel-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"python-gdbm-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"python-idle-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"python-tk-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, reference:"python-xml-2.4.2-18.37.1")) flag++;
    if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"python-32bit-2.4.2-18.37.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0491.NASL
    descriptionUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
    last seen2020-06-01
    modified2020-06-02
    plugin id53820
    published2011-05-06
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53820
    titleRHEL 4 : python (RHSA-2011:0491)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2011:0491. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53820);
      script_version ("1.20");
      script_cvs_date("Date: 2019/10/25 13:36:16");
    
      script_cve_id("CVE-2009-3720", "CVE-2010-1634", "CVE-2010-2089", "CVE-2010-3493", "CVE-2011-1015", "CVE-2011-1521");
      script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);
      script_xref(name:"RHSA", value:"2011:0491");
    
      script_name(english:"RHEL 4 : python (RHSA-2011:0491)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated python packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 4.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Python is an interpreted, interactive, object-oriented programming
    language.
    
    A flaw was found in the Python urllib and urllib2 libraries where they
    would not differentiate between different target URLs when handling
    automatic redirects. This caused Python applications using these
    modules to follow any new URL that they understood, including the
    'file://' URL type. This could allow a remote server to force a local
    Python application to read a local file instead of the remote one,
    possibly exposing local files that were not meant to be exposed.
    (CVE-2011-1521)
    
    Multiple flaws were found in the Python audioop module. Supplying
    certain inputs could cause the audioop module to crash or, possibly,
    execute arbitrary code. (CVE-2010-1634, CVE-2010-2089)
    
    A race condition was found in the way the Python smtpd module handled
    new connections. A remote user could use this flaw to cause a Python
    script using the smtpd module to terminate. (CVE-2010-3493)
    
    An information disclosure flaw was found in the way the Python
    CGIHTTPServer module processed certain HTTP GET requests. A remote
    attacker could use a specially crafted request to obtain the CGI
    script's source code. (CVE-2011-1015)
    
    A buffer over-read flaw was found in the way the Python Expat parser
    handled malformed UTF-8 sequences when processing XML files. A
    specially crafted XML file could cause Python applications using the
    Python Expat parser to crash while parsing the file. (CVE-2009-3720)
    
    This update makes Python use the system Expat library rather than its
    own internal copy; therefore, users must have the version of Expat
    shipped with RHSA-2009:1625 installed, or a later version, to resolve
    the CVE-2009-3720 issue.
    
    All Python users should upgrade to these updated packages, which
    contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3720"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-1634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2089"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-3493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-1015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-1521"
      );
      # https://rhn.redhat.com/errata/RHSA-2009-1625.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2009:1625"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2011:0491"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/05/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2011:0491";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"python-2.3.4-14.10.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"python-devel-2.3.4-14.10.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"python-docs-2.3.4-14.10.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"python-tools-2.3.4-14.10.el4")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"tkinter-2.3.4-14.10.el4")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-devel / python-docs / python-tools / tkinter");
      }
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1596-1.NASL
    descriptionIt was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089) Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493) It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015) Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This update adds the
    last seen2020-06-01
    modified2020-06-02
    plugin id62436
    published2012-10-05
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62436
    titleUbuntu 10.04 LTS / 11.04 / 11.10 : python2.6 vulnerabilities (USN-1596-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_LIBPYTHON2_6-1_0-110506.NASL
    descriptionThis update of python fixes a possible denial of service bug or information leakage vulnerability while using user-crafted ftp:// or file:// URLs with urllib(2). CVE-2011-1521: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
    last seen2020-06-01
    modified2020-06-02
    plugin id53885
    published2011-05-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53885
    titleopenSUSE Security Update : libpython2_6-1_0 (openSUSE-SU-2011:0484-1)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2012-0001_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - COS kernel - cURL - python - rpm
    last seen2020-06-01
    modified2020-06-02
    plugin id89105
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89105
    titleVMware ESX / ESXi Service Console and Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0001) (remote check)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0492.NASL
    descriptionFrom Red Hat Security Advisory 2011:0492 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
    last seen2020-06-01
    modified2020-06-02
    plugin id68271
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68271
    titleOracle Linux 5 : python (ELSA-2011-0492)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110505_PYTHON_ON_SL4_X.NASL
    descriptionA flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
    last seen2020-06-01
    modified2020-06-02
    plugin id61033
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61033
    titleScientific Linux Security Update : python on SL4.x, SL5.x i386/x86_64
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1613-2.NASL
    descriptionUSN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089) Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493) It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015) Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62620
    published2012-10-18
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62620
    titleUbuntu 8.04 LTS : python2.4 vulnerabilities (USN-1613-2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_PYTHON-RANDOMISATION-UPDATE-120516.NASL
    descriptionThis update to python 2.6.8 fixes the following bugs, among others : - XMLRPC Server DoS. (CVE-2012-0845, bnc#747125) - hash randomization issues. (CVE-2012-1150, bnc#751718) - insecure creation of .pypirc. (CVE-2011-4944, bnc#754447) - SimpleHTTPServer XSS. (CVE-2011-1015, bnc#752375) - functions can accept unicode kwargs. (bnc#744287) - python MainThread lacks ident. (bnc#754547) - TypeError: waitpid() takes no keyword arguments. (bnc#751714) - Source code exposure in CGIHTTPServer module. (CVE-2011-1015, bnc#674646) - Insecure redirect processing in urllib2 (CVE-2011-1521, bnc#682554) The hash randomization fix is by default disabled to keep compatibility with existing python code when it extracts hashes. To enable the hash seed randomization you can use: - pass -R to the python interpreter commandline. - set the environment variable PYTHONHASHSEED=random to enable it for programs. You can also set this environment variable to a fixed hash seed by specifying a integer value between 0 and MAX_UINT. In generally enabling this is only needed when malicious third parties can inject values into your hash tables. The update to 2.6.8 also provides many compatibility fixes with OpenStack.
    last seen2020-06-05
    modified2013-01-25
    plugin id64220
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64220
    titleSuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_0_BUILD_608089_REMOTE.NASL
    descriptionThe remote VMware ESXi 5.0 host is affected by multiple vulnerabilities : - A denial of service vulnerability exists in the big2_toUtf8() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application. (CVE-2009-3560) - A denial of service vulnerability exists in the updatePosition() function in file lib/xmltok.c in the libexpat library. A remote attacker can exploit this, via an XML document having malformed UTF-8 sequences, to cause a buffer over-read, thus crashing the application. (CVE-2009-3720) - An integer overflow condition exists in the BZ2_decompress() function in file decompress.c in the bzip2 and libbzip2 library. A remote attacker can exploit this, via a crafted compressed file, to cause a denial of service or the execution of arbitrary code. (CVE-2010-0405) - A denial of service vulnerability exists in the audioop module due to multiple integer overflows conditions in file audioop.c. A remote attacker can exploit this, via a large fragment or argument, to cause a buffer overflow, resulting in an application crash. (CVE-2010-1634) - A denial of service vulnerability exists in the audioop module due to a failure to verify the relationships between size arguments and byte string length. A remote attacker can exploit this, via crafted arguments, to cause memory corruption, resulting in an application crash. (CVE-2010-2089) - A flaw exists in the urllib and urllib2 modules due to processing Location headers that specify redirection to a file. A remote attacker can exploit this, via a crafted URL, to gain sensitive information or cause a denial of service. (CVE-2011-1521) - A privilege escalation vulnerability exists due to an incorrect ACL being used for the VMware Tools folder. An attacker on an adjacent network with access to a guest operating system can exploit this to gain elevated privileges on the guest operating system. (CVE-2012-1518)
    last seen2020-06-01
    modified2020-06-02
    plugin id70881
    published2013-11-13
    reporterThis script is (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70881
    titleESXi 5.0 < Build 608089 Multiple Vulnerabilities (remote check)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110519_PYTHON_ON_SL6_X.NASL
    descriptionPython is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
    last seen2020-06-01
    modified2020-06-02
    plugin id61046
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61046
    titleScientific Linux Security Update : python on SL6.x i386/x86_64
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_7_2.NASL
    descriptionThe remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.2. This version contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreMedia - CoreProcesses - CoreStorage - File Systems - iChat Server - Kernel - libsecurity - Open Directory - PHP - python - QuickTime - SMB File Server - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id56480
    published2011-10-13
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56480
    titleMac OS X 10.7.x < 10.7.2 Multiple Vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0491.NASL
    descriptionFrom Red Hat Security Advisory 2011:0491 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
    last seen2020-06-01
    modified2020-06-02
    plugin id68270
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68270
    titleOracle Linux 4 : python (ELSA-2011-0491)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1592-1.NASL
    descriptionNiels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This update adds the
    last seen2020-06-01
    modified2020-06-02
    plugin id62410
    published2012-10-03
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62410
    titleUbuntu 11.04 / 11.10 : python2.7 vulnerabilities (USN-1592-1)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2012-0001.NASL
    descriptiona. ESX third-party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues. b. ESX third-party update for Service Console cURL RPM The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue. c. ESX third-party update for Service Console nspr and nss RPMs The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issues. A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses. d. ESX third-party update for Service Console rpm RPMs The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues. e. ESX third-party update for Service Console samba RPMs The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues. Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694. f. ESX third-party update for Service Console python package The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and CVE-2011-1521 to these issues. g. ESXi update to third-party component python The python third-party library is updated to python 2.5.6 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, and CVE-2011-1521 to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57749
    published2012-01-31
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57749
    titleVMSA-2012-0001 : VMware ESXi and ESX updates to third-party library and ESX Service Console
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_LIBPYTHON2_6-1_0-110506.NASL
    descriptionThis update of python fixes a possible denial of service bug or information leakage vulnerability while using user-crafted ftp:// or file:// URLs with urllib(2). CVE-2011-1521: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
    last seen2020-06-01
    modified2020-06-02
    plugin id75916
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75916
    titleopenSUSE Security Update : libpython2_6-1_0 (openSUSE-SU-2011:0484-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1613-1.NASL
    descriptionIt was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089) Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493) It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015) Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876) Tim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62619
    published2012-10-18
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62619
    titleUbuntu 8.04 LTS : python2.5 vulnerabilities (USN-1613-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_PYTHON-RANDOMISATION-UPDATE-120517.NASL
    descriptionThis update to python 2.6.8 fixes the following bugs, among others : - XMLRPC Server DoS. (CVE-2012-0845, bnc#747125) - hash randomization issues. (CVE-2012-1150, bnc#751718) - insecure creation of .pypirc. (CVE-2011-4944, bnc#754447) - SimpleHTTPServer XSS. (CVE-2011-1015, bnc#752375) - functions can accept unicode kwargs. (bnc#744287) - python MainThread lacks ident. (bnc#754547) - TypeError: waitpid() takes no keyword arguments. (bnc#751714) - Source code exposure in CGIHTTPServer module. (CVE-2011-1015, bnc#674646) - Insecure redirect processing in urllib2 (CVE-2011-1521, bnc#682554) The hash randomization fix is by default disabled to keep compatibility with existing python code when it extracts hashes. To enable the hash seed randomization you can use: - pass -R to the python interpreter commandline. - set the environment variable PYTHONHASHSEED=random to enable it for programs. You can also set this environment variable to a fixed hash seed by specifying a integer value between 0 and MAX_UINT. In generally enabling this is only needed when malicious third parties can inject values into your hash tables. The update to 2.6.8 also provides many compatibility fixes with OpenStack.
    last seen2020-06-05
    modified2013-01-25
    plugin id64221
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64221
    titleSuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBPYTHON2_6-1_0-110506.NASL
    descriptionThis update of python fixes a possible denial of service bug or information leakage vulnerability while using user-crafted ftp:// or file:// URLs with urllib(2). - CVE-2011-1521 : CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
    last seen2020-06-01
    modified2020-06-02
    plugin id54641
    published2011-05-25
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/54641
    titleSuSE 11.1 Security Update : Python (SAT Patch Number 4512)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_PYTHON-7509.NASL
    descriptionThis update of python fixes a possible denial of service bug or information leakage vulnerability while using user-crafted ftp:// or file:// URLs with urllib(2). CVE-2011-1521: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
    last seen2020-06-01
    modified2020-06-02
    plugin id54643
    published2011-05-25
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/54643
    titleSuSE 10 Security Update : python (ZYPP Patch Number 7509)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_LIBPYTHON2_6-1_0-110506.NASL
    descriptionThis update of python fixes a possible denial of service bug or information leakage vulnerability while using user-crafted ftp:// or file:// URLs with urllib(2). CVE-2011-1521: CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
    last seen2020-06-01
    modified2020-06-02
    plugin id75608
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75608
    titleopenSUSE Security Update : libpython2_6-1_0 (openSUSE-SU-2011:0484-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0234-1.NASL
    descriptionThis update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133259
    published2020-01-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133259
    titleSUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0492.NASL
    descriptionUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
    last seen2020-06-01
    modified2020-06-02
    plugin id53821
    published2011-05-06
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53821
    titleRHEL 5 : python (RHSA-2011:0492)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2011-006.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreFoundation - CoreMedia - File Systems - IOGraphics - iChat Server - Mailman - MediaKit - PHP - postfix - python - QuickTime - Tomcat - User Documentation - Web Server - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id56481
    published2011-10-13
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56481
    titleMac OS X Multiple Vulnerabilities (Security Update 2011-006)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1314-1.NASL
    descriptionGiampaolo Rodola discovered that the smtpd module in Python 3 did not properly handle certain error conditions. A remote attacker could exploit this to cause a denial of service via daemon outage. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-3493) Niels Heinen discovered that the urllib module in Python 3 would process Location headers that specify a file:// URL. A remote attacker could use this to obtain sensitive information or cause a denial of service via resource consumption. (CVE-2011-1521). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id57345
    published2011-12-20
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57345
    titleUbuntu 10.04 LTS / 10.10 / 11.04 : python3.1, python3.2 vulnerabilities (USN-1314-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0554.NASL
    descriptionUpdated python packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
    last seen2020-06-01
    modified2020-06-02
    plugin id54592
    published2011-05-20
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/54592
    titleRHEL 6 : python (RHSA-2011:0554)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-096.NASL
    descriptionMultiple vulnerabilities have been identified and fixed in python : The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI (CVE-2011-1015). A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the file:// URL type. This could allow a remote server to force a local Python application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed (CVE-2011-1521). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id54611
    published2011-05-23
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/54611
    titleMandriva Linux Security Advisory : python (MDVSA-2011:096)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-0492.NASL
    descriptionUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
    last seen2020-06-01
    modified2020-06-02
    plugin id53815
    published2011-05-06
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53815
    titleCentOS 5 : python (CESA-2011:0492)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-0491.NASL
    descriptionUpdated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the
    last seen2020-06-01
    modified2020-06-02
    plugin id53814
    published2011-05-06
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53814
    titleCentOS 4 : python (CESA-2011:0491)

Redhat

advisories
  • bugzilla
    id690560
    titleCVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commenttkinter is earlier than 0:2.3.4-14.10.el4
            ovaloval:com.redhat.rhsa:tst:20110491001
          • commenttkinter is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197010
        • AND
          • commentpython-docs is earlier than 0:2.3.4-14.10.el4
            ovaloval:com.redhat.rhsa:tst:20110491003
          • commentpython-docs is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197004
        • AND
          • commentpython-devel is earlier than 0:2.3.4-14.10.el4
            ovaloval:com.redhat.rhsa:tst:20110491005
          • commentpython-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197008
        • AND
          • commentpython-tools is earlier than 0:2.3.4-14.10.el4
            ovaloval:com.redhat.rhsa:tst:20110491007
          • commentpython-tools is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197006
        • AND
          • commentpython is earlier than 0:2.3.4-14.10.el4
            ovaloval:com.redhat.rhsa:tst:20110491009
          • commentpython is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060197002
    rhsa
    idRHSA-2011:0491
    released2011-05-05
    severityModerate
    titleRHSA-2011:0491: python security update (Moderate)
  • bugzilla
    id690560
    titleCVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentpython-tools is earlier than 0:2.4.3-44.el5
            ovaloval:com.redhat.rhsa:tst:20110492001
          • commentpython-tools is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20091176002
        • AND
          • commentpython-libs is earlier than 0:2.4.3-44.el5
            ovaloval:com.redhat.rhsa:tst:20110492003
          • commentpython-libs is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110027004
        • AND
          • commentpython-devel is earlier than 0:2.4.3-44.el5
            ovaloval:com.redhat.rhsa:tst:20110492005
          • commentpython-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20091176004
        • AND
          • commenttkinter is earlier than 0:2.4.3-44.el5
            ovaloval:com.redhat.rhsa:tst:20110492007
          • commenttkinter is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20091176008
        • AND
          • commentpython is earlier than 0:2.4.3-44.el5
            ovaloval:com.redhat.rhsa:tst:20110492009
          • commentpython is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20091176006
    rhsa
    idRHSA-2011:0492
    released2011-05-05
    severityModerate
    titleRHSA-2011:0492: python security update (Moderate)
  • bugzilla
    id690560
    titleCVE-2011-1521 python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentpython-docs is earlier than 0:2.6.6-2.el6
            ovaloval:com.redhat.rhsa:tst:20110554001
          • commentpython-docs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554002
        • AND
          • commenttkinter is earlier than 0:2.6.6-20.el6
            ovaloval:com.redhat.rhsa:tst:20110554003
          • commenttkinter is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554004
        • AND
          • commentpython-test is earlier than 0:2.6.6-20.el6
            ovaloval:com.redhat.rhsa:tst:20110554005
          • commentpython-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554006
        • AND
          • commentpython-tools is earlier than 0:2.6.6-20.el6
            ovaloval:com.redhat.rhsa:tst:20110554007
          • commentpython-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554008
        • AND
          • commentpython-devel is earlier than 0:2.6.6-20.el6
            ovaloval:com.redhat.rhsa:tst:20110554009
          • commentpython-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554010
        • AND
          • commentpython is earlier than 0:2.6.6-20.el6
            ovaloval:com.redhat.rhsa:tst:20110554011
          • commentpython is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554012
        • AND
          • commentpython-libs is earlier than 0:2.6.6-20.el6
            ovaloval:com.redhat.rhsa:tst:20110554013
          • commentpython-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554014
    rhsa
    idRHSA-2011:0554
    released2011-05-19
    severityModerate
    titleRHSA-2011:0554: python security, bug fix, and enhancement update (Moderate)
rpms
  • python-0:2.3.4-14.10.el4
  • python-debuginfo-0:2.3.4-14.10.el4
  • python-devel-0:2.3.4-14.10.el4
  • python-docs-0:2.3.4-14.10.el4
  • python-tools-0:2.3.4-14.10.el4
  • tkinter-0:2.3.4-14.10.el4
  • python-0:2.4.3-44.el5
  • python-debuginfo-0:2.4.3-44.el5
  • python-devel-0:2.4.3-44.el5
  • python-libs-0:2.4.3-44.el5
  • python-tools-0:2.4.3-44.el5
  • tkinter-0:2.4.3-44.el5
  • python-0:2.6.6-20.el6
  • python-debuginfo-0:2.6.6-20.el6
  • python-devel-0:2.6.6-20.el6
  • python-docs-0:2.6.6-2.el6
  • python-libs-0:2.6.6-20.el6
  • python-test-0:2.6.6-20.el6
  • python-tools-0:2.6.6-20.el6
  • tkinter-0:2.6.6-20.el6