CVE-2013-4238 - Improper Input Validation vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE

Summary
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection: An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting: An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files: An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection: An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family: MacOS X Local Security Checks
NASL id: MACOSX_LIBREOFFICE_420.NASL
description: A version of LibreOffice prior to 4.1.5 / 4.2.0 is installed on the remote Mac OS X host. It is, therefore, reportedly affected by multiple vulnerabilities including a denial of service vulnerability related to Python. A remote attacker could use these flaws to cause a denial of service or to conduct spoofing attacks. Note that Nessus has not attempted to exploit these issues, but has instead relied only on the self-reported version number.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 73337
published: 2014-04-04
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/73337
title: LibreOffice < 4.1.5 / 4.2.0 Python Multiple Vulnerabilities (Mac OS X)
code:

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(73337);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/26");

      script_cve_id("CVE-2013-1752", "CVE-2013-4238");

      script_name(english:"LibreOffice < 4.1.5 / 4.2.0 Python Multiple Vulnerabilities (Mac OS X)");
      script_summary(english:"Checks version of LibreOffice");

      script_set_attribute(attribute:"synopsis", value: "The remote host contains an application that is affected by multiple vulnerabilities with Python.");
      script_set_attribute(attribute:"description", value: "A version of LibreOffice prior to 4.1.5 / 4.2.0 is installed on the remote Mac OS X host. It is, therefore, reportedly affected by multiple vulnerabilities including a denial of service vulnerability related to Python. A remote attacker could use these flaws to cause a denial of service or to conduct spoofing attacks. Note that Nessus has not attempted to exploit these issues, but has instead relied only on the self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://www.libreoffice.org/about-us/security/advisories/cve-2013-1752/");
      # http://blog.documentfoundation.org/2012/07/11/libreoffice-3-5-5-is-available/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bc6741ee");
      # http://blog.documentfoundation.org/2014/01/30/libreoffice-4-2-focusing-on-performance-and-interoperability-and-improving-the-integration-with-microsoft-windows/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a594575e");
      script_set_attribute(attribute:"solution", value: "Upgrade to LibreOffice version 4.1.5 / 4.2.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4238");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/04");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:libreoffice:libreoffice");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");

      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("macosx_libreoffice_installed.nasl");
      script_require_keys("MacOSX/LibreOffice/Version");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");

    kb_base = "MacOSX/LibreOffice";
    get_kb_item_or_exit(kb_base+"/Installed");
    path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);
    version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);

    if (
      # nb: first release of LibreOffice was 3.3.0.
      version =~ "^3" ||
      (version =~ "^4\.1\." && ver_compare(ver:version, fix:'4.1.5.1', strict:FALSE) == -1) ||
      (version =~ "^4\.2\." && ver_compare(ver:version, fix:'4.2.0.1', strict:FALSE) == -1)
    )
    {
      if (report_verbosity > 0)
      {
        report =
          '\n Path : ' + path +
          '\n Installed version : ' + version +
          '\n Fixed version : 4.1.5 / 4.2.0\n';
        security_warning(port:0, extra:report);
      }
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "LibreOffice", version, path);

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20131121_PYTHON_ON_SL6_X.NASL
description: A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238)
last seen: 2020-03-18
modified: 2013-12-04
plugin id: 71199
published: 2013-12-04
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/71199
title: Scientific Linux Security Update : python on SL6.x i386/x86_64 (20131121)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #

    include("compat.inc");

    if (description)
    {
      script_id(71199);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27");

      script_cve_id("CVE-2013-4238");

      script_name(english:"Scientific Linux Security Update : python on SL6.x i386/x86_64 (20131121)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value: "The remote Scientific Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value: "A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1312&L=scientific-linux-errata&T=0&P=1182
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bf3bc296"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

      script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

    flag = 0;
    if (rpm_check(release:"SL6", reference:"python-2.6.6-51.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-debuginfo-2.6.6-51.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-devel-2.6.6-51.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-libs-2.6.6-51.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-test-2.6.6-51.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-tools-2.6.6-51.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"tkinter-2.6.6-51.el6")) flag++;

    if (flag)
    {
      security_report_v4(
        port : 0,
        severity : SECURITY_WARNING,
        extra : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-debuginfo / python-devel / python-libs / etc");
    }

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2013-15254.NASL
description: Fix for CVE-2013-4238 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2013-08-28
plugin id: 69487
published: 2013-08-28
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/69487
title: Fedora 19 : python3-3.3.2-6.fc19 (2013-15254)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory 2013-15254.
    #

    include("compat.inc");

    if (description)
    {
      script_id(69487);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2013-4238");
      script_bugtraq_id(61738);
      script_xref(name:"FEDORA", value:"2013-15254");

      script_name(english:"Fedora 19 : python3-3.3.2-6.fc19 (2013-15254)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value: "Fix for CVE-2013-4238 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=996381"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114814.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4f07a7fe"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected python3 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");

      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/28");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    flag = 0;
    if (rpm_check(release:"FC19", reference:"python3-3.3.2-6.fc19")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
    }

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2013-214.NASL
description: Updated python packages fix security vulnerability : Ryan Sleevi of the Google Chrome Security Team has discovered that Python
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69439
published: 2013-08-22
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/69439
title: Mandriva Linux Security Advisory : python (MDVSA-2013:214)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:214.
    # The text itself is copyright (C) Mandriva S.A.
    #

    include("compat.inc");

    if (description)
    {
      script_id(69439);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:55");

      script_cve_id("CVE-2013-4238");
      script_bugtraq_id(61738);
      script_xref(name:"MDVSA", value:"2013:214");

      script_name(english:"Mandriva Linux Security Advisory : python (MDVSA-2013:214)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value: "The remote Mandriva Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value: "Updated python packages fix security vulnerability : Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname() to match the hostname againt the certificate's subjectAltName's dNSName general names. (CVE-2013-4238)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2013-0250.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python2.7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter-apps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/22");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64python-devel-2.7.3-4.4.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64python2.7-2.7.3-4.4.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"python-2.7.3-4.4.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"python-docs-2.7.3-4.4.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tkinter-2.7.3-4.4.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"tkinter-apps-2.7.3-4.4.mbs1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_PYTHON-201310-130927.NASL
description: This python update fixes a certificate hostname issue. - python: SSL module does not handle certificates that contain hostnames with NULL bytes. (bnc#834601: CVE-2013-4238)
last seen: 2020-06-05
modified: 2013-11-01
plugin id: 70724
published: 2013-11-01
reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/70724
title: SuSE 11.2 / 11.3 Security Update : Python (SAT Patch Numbers 8404 / 8405)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #

    if (NASL_LEVEL < 3000) exit(0);

    include("compat.inc");

    if (description)
    {
      script_id(70724);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      script_cve_id("CVE-2013-4238");

      script_name(english:"SuSE 11.2 / 11.3 Security Update : Python (SAT Patch Numbers 8404 / 8405)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value: "This python update fixes a certificate hostname issue. - python: SSL module does not handle certificates that contain hostnames with NULL bytes. (bnc#834601: CVE-2013-4238)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4238.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Apply SAT patch number 8404 / 8405 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-base-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-gdbm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-idle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-tk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:python-xml");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/01");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"libpython2_6-1_0-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"python-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"python-base-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"python-curses-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"python-devel-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"python-tk-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"python-xml-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libpython2_6-1_0-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libpython2_6-1_0-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"python-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"python-base-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"python-base-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"python-curses-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"python-devel-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"python-tk-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"python-xml-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"libpython2_6-1_0-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"python-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"python-base-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"python-curses-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"python-devel-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"python-tk-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"python-xml-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libpython2_6-1_0-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"libpython2_6-1_0-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"python-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"python-base-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"python-base-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"python-curses-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"python-devel-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"python-tk-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"python-xml-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"libpython2_6-1_0-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"python-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"python-base-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"python-curses-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"python-demo-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"python-gdbm-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"python-idle-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"python-tk-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"python-xml-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libpython2_6-1_0-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"python-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"python-base-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libpython2_6-1_0-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"python-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"python-base-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"libpython2_6-1_0-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"python-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"python-base-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"python-curses-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"python-demo-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"python-gdbm-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"python-idle-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"python-tk-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"python-xml-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"libpython2_6-1_0-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"python-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"python-base-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"libpython2_6-1_0-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"python-32bit-2.6.8-0.23.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"python-base-32bit-2.6.8-0.23.1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2013-1527.NASL
description: An updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78979
published: 2014-11-08
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78979
title: RHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:1527. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
if (description)
{
  script_id(78979);
  script_version("1.13");
  script_cvs_date("Date: 2019/10/24 15:35:37");
  script_cve_id("CVE-2010-5107", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-4238", "CVE-2013-4344");
  script_bugtraq_id(58162, 61738, 62042, 62043, 62049, 62773);
  script_xref(name:"RHSA", value:"2013:1527");
  script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)");
  script_summary(english:"Checks the rpm output for the updated package");
  script_set_attribute(attribute:"synopsis", value:"The remote Red Hat host is missing a security update.");
  script_set_attribute( attribute:"description", value: "An updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of 'Install Failed'. If this happens, place the host into maintenance mode, then activate it again to get the host back to an 'Up' state. 
A buffer overflow flaw was found in the way QEMU processed the SCSI 'REPORT LUNS' command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2013-4344) Multiple flaws were found in the way Linux kernel handled HID (Human Interface Device) reports. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2888, CVE-2013-2889, CVE-2013-2892) A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238) The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log in to a system. This flaw has been addressed by enabling random early connection drops by setting MaxStartups to 10:30:100 by default. For more information, refer to the sshd_config(5) man page. (CVE-2010-5107) The CVE-2013-4344 issue was discovered by Asias He of Red Hat. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. 
The security fixes included in this update address the following CVE numbers : CVE-2012-0786 and CVE-2012-0787 (augeas issues) CVE-2013-1813 (busybox issue) CVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues) CVE-2012-4453 (dracut issue) CVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues) CVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591, CVE-2013-4592, CVE-2012-6542, CVE-2013-3231, CVE-2013-1929, CVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, and CVE-2013-2851 (kernel issues) CVE-2013-4242 (libgcrypt issue) CVE-2013-4419 (libguestfs issue) CVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues) This update also fixes the following bug : * A previous version of the rhev-hypervisor6 package did not contain the latest vhostmd package, which provides a 'metrics communication channel' between a host and its hosted virtual machines, allowing limited introspection of host resource usage from within virtual machines. This has been fixed, and rhev-hypervisor6 now includes the latest vhostmd package. (BZ#1026703) This update also contains the fixes from the following errata : * ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues." 
  );
  # https://rhn.redhat.com/errata/RHBA-2013-1528.html
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHBA-2013:1528");
  # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c6b506c4");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:1527");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-2888");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-2892");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-4344");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2010-5107");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-2889");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-4238");
  script_set_attribute( attribute:"solution", value:"Update the affected rhev-hypervisor6 package." 
); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/07"); script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! 
preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:1527"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.5-20131115.0.3.2.el6_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6"); } }
NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2014-213.NASL
description: Python was updated to 2.7.6 to fix bugs and security issues :
- bugfix-only release
- SSL-related fixes
- upstream fix for CVE-2013-4238
- upstream fixes for CVE-2013-1752
- added patches for CVE-2013-1752 (bnc#856836) issues that are missing in 2.7.6: python-2.7.6-imaplib.patch python-2.7.6-poplib.patch smtplib_maxline-2.7.patch
- CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: xmlrpc_gzip_27.patch
- python-2.7.6-bdist-rpm.patch: fix broken
last seen: 2020-06-05
modified: 2014-06-13
plugin id: 75294
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75294
title: openSUSE Security Update : python (openSUSE-SU-2014:0380-1)
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-213.
#
# The text description of this plugin is (C) SUSE LLC.
#
include("compat.inc");
if (description)
{
  script_id(75294);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
  script_cve_id("CVE-2013-1752", "CVE-2013-1753", "CVE-2013-4238", "CVE-2014-1912");
  script_name(english:"openSUSE Security Update : python (openSUSE-SU-2014:0380-1)");
  script_summary(english:"Check for the openSUSE-2014-213 patch");
  script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." 
); script_set_attribute( attribute:"description", value: "Python was updated to 2.7.6 to fix bugs and security issues : - bugfix-only release - SSL-related fixes - upstream fix for CVE-2013-4238 - upstream fixes for CVE-2013-1752 - added patches for CVE-2013-1752 (bnc#856836) issues that are missing in 2.7.6: python-2.7.6-imaplib.patch python-2.7.6-poplib.patch smtplib_maxline-2.7.patch - CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: xmlrpc_gzip_27.patch - python-2.7.6-bdist-rpm.patch: fix broken 'setup.py bdist_rpm' command (bnc#857470, issue18045) - multilib patch: add '~/.local/lib64' paths to search path (bnc#637176) - CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow in socket.recvfrom_into (CVE-2014-1912, bnc#863741) - Add Obsoletes/Provides for python-ctypes. - reintroduce audioop.so as the problems with it seem to be fixed (bnc#831442)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=637176" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=831442" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=856835" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=856836" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=857470" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=863741" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-03/msg00044.html" ); script_set_attribute( attribute:"solution", value:"Update the affected python packages." 
); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-curses"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-curses-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-debugsource"); script_set_attribute(attribute:"cpe", 
value:"p-cpe:/a:novell:opensuse:python-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-gdbm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-gdbm-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-idle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-tk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-tk-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xml"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xml-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/18"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"libpython2_7-1_0-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libpython2_7-1_0-debuginfo-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-base-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-base-debuginfo-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-base-debugsource-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-curses-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-curses-debuginfo-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-debuginfo-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-debugsource-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-demo-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-devel-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-doc-pdf-2.7.6-8.6.1") ) 
flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-gdbm-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-gdbm-debuginfo-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-idle-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-tk-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-tk-debuginfo-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-xml-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-xml-debuginfo-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpython2_7-1_0-32bit-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpython2_7-1_0-debuginfo-32bit-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"python-32bit-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"python-base-32bit-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"python-base-debuginfo-32bit-2.7.6-8.6.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"python-debuginfo-32bit-2.7.6-8.6.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python"); }
NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2880.NASL
description: Multiple security issues were discovered in Python :
- CVE-2013-4238 Ryan Sleevi discovered that NULL characters in the subject alternate names of SSL certificates were parsed incorrectly.
- CVE-2014-1912 Ryan Smith-Roberts discovered a buffer overflow in the socket.recvfrom_into() function.
last seen: 2020-03-17
modified: 2014-03-18
plugin id: 73065
published: 2014-03-18
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/73065
title: Debian DSA-2880-1 : python2.7 - security update
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2880. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include("compat.inc");
if (description)
{
  script_id(73065);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
  script_cve_id("CVE-2013-4238", "CVE-2014-1912");
  script_bugtraq_id(61738, 65379);
  script_xref(name:"DSA", value:"2880");
  script_name(english:"Debian DSA-2880-1 : python2.7 - security update");
  script_summary(english:"Checks dpkg output for the updated package");
  script_set_attribute(attribute:"synopsis", value:"The remote Debian host is missing a security-related update.");
  script_set_attribute( attribute:"description", value: "Multiple security issues were discovered in Python : - CVE-2013-4238 Ryan Sleevi discovered that NULL characters in the subject alternate names of SSL certificates were parsed incorrectly. - CVE-2014-1912 Ryan Smith-Roberts discovered a buffer overflow in the socket.recvfrom_into() function." 
); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-4238" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-1912" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/python2.7" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2014/dsa-2880" ); script_set_attribute( attribute:"solution", value: "Upgrade the python2.7 packages. For the stable distribution (wheezy), these problems have been fixed in version 2.7.3-6+deb7u2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"idle-python2.7", reference:"2.7.3-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"libpython2.7", reference:"2.7.3-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"python2.7", reference:"2.7.3-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"python2.7-dbg", reference:"2.7.3-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"python2.7-dev", reference:"2.7.3-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"python2.7-doc", reference:"2.7.3-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"python2.7-examples", reference:"2.7.3-6+deb7u2")) flag++; if (deb_check(release:"7.0", prefix:"python2.7-minimal", reference:"2.7.3-6+deb7u2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family: NewStart CGSL Local Security Checks
NASL id: NEWSTART_CGSL_NS-SA-2019-0008_PYTHON.NASL
description: The remote NewStart CGSL host, running version MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities:
- Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. (CVE-2007-4965)
- Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to partial hashlib hashing of data exceeding 4GB. (CVE-2008-2316)
- Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. (CVE-2008-5983)
- Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. (CVE-2010-1634)
- The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. (CVE-2010-2089)
- The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 127154
published: 2019-08-12
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/127154
title: NewStart CGSL MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0008)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2019-0008. The text
# itself is copyright (C) ZTE, Inc.
include("compat.inc");

if (description)
{
  script_id(127154);
  script_version("1.3");
  script_cvs_date("Date: 2019/09/24 11:01:33");

  script_cve_id(
    "CVE-2007-4965",
    "CVE-2008-2316",
    "CVE-2008-5983",
    "CVE-2010-1634",
    "CVE-2010-2089",
    "CVE-2013-4238"
  );

  script_name(english:"NewStart CGSL MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0008)");

  script_set_attribute(attribute:"synopsis", value:
"The remote machine is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities:
  - Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. (CVE-2007-4965)
  - Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to partial hashlib hashing of data exceeding 4GB. (CVE-2008-2316)
  - Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. (CVE-2008-5983)
  - Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. (CVE-2010-1634)
  - The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. (CVE-2010-2089)
  - The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. (CVE-2013-4238)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0008");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL python packages. Note that updated packages may not be available yet. Please contact ZTE for more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2008-2316");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(189);

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/09/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/ZTE-CGSL/release");
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");

if (release !~ "CGSL MAIN 5.04")
  audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04');

if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);

flag = 0;

pkgs = {
  "CGSL MAIN 5.04": [
    "python-2.7.5-58.el7.cgslv5.0.1.g6d96868",
    "python-debug-2.7.5-58.el7.cgslv5.0.1.g6d96868",
    "python-debuginfo-2.7.5-58.el7.cgslv5.0.1.g6d96868",
    "python-devel-2.7.5-58.el7.cgslv5.0.1.g6d96868",
    "python-libs-2.7.5-58.el7.cgslv5.0.1.g6d96868",
    "python-test-2.7.5-58.el7.cgslv5.0.1.g6d96868",
    "python-tools-2.7.5-58.el7.cgslv5.0.1.g6d96868",
    "tkinter-2.7.5-58.el7.cgslv5.0.1.g6d96868"
  ]
};
pkg_list = pkgs[release];

foreach (pkg in pkg_list)
  if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
}

NASL family Fedora Local Security Checks
NASL id FEDORA_2013-15146.NASL
description Fix for CVE-2013-4238 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2013-08-25
plugin id 69463
published 2013-08-25
reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/69463
title Fedora 19 : python-2.7.5-4.fc19 (2013-15146)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2013-15146.
#

include("compat.inc");

if (description)
{
  script_id(69463);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2013-4238");
  script_bugtraq_id(61738);
  script_xref(name:"FEDORA", value:"2013-15146");

  script_name(english:"Fedora 19 : python-2.7.5-4.fc19 (2013-15146)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Fix for CVE-2013-4238 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=996381"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114663.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?682edcdf"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected python package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC19", reference:"python-2.7.5-4.fc19")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
}

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2013-695.NASL
description This python update includes a SSL certificates fix and other minor changes.
  - disable test_io on ppc* as it hangs
  - handle NULL bytes in certain fields of SSL certificates (CVE-2013-4238, bnc#834601, CVE-2013-4238-py32.patch)
last seen 2020-06-05
modified 2014-06-13
plugin id 75136
published 2014-06-13
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75136
title openSUSE Security Update : python3 (openSUSE-SU-2013:1437-1)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-695.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75136);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2013-4238");

  script_name(english:"openSUSE Security Update : python3 (openSUSE-SU-2013:1437-1)");
  script_summary(english:"Check for the openSUSE-2013-695 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This python update includes a SSL certificates fix and other minor changes.
  - disable test_io on ppc* as it hangs
  - handle NULL bytes in certain fields of SSL certificates (CVE-2013-4238, bnc#834601, CVE-2013-4238-py32.patch)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=834601"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected python3 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_2mu1_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_2mu1_0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_2mu1_0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_2mu1_0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-2to3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-curses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-curses-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-dbm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-dbm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-idle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-testsuite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-tk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-tk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-xml-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.2", reference:"libpython3_2mu1_0-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"libpython3_2mu1_0-debuginfo-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-2to3-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-base-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-base-debuginfo-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-base-debugsource-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-curses-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-curses-debuginfo-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-dbm-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-dbm-debuginfo-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-debuginfo-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-debugsource-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-devel-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-doc-pdf-3.2-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-idle-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-testsuite-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-testsuite-debuginfo-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-tk-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-tk-debuginfo-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-tools-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-xml-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", reference:"python3-xml-debuginfo-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libpython3_2mu1_0-32bit-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libpython3_2mu1_0-debuginfo-32bit-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"python3-32bit-3.2.3-1.4.1") ) flag++;
if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"python3-debuginfo-32bit-3.2.3-1.4.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpython3_2mu1_0 / libpython3_2mu1_0-32bit / etc");
}

NASL family Huawei Local Security Checks
NASL id EULEROS_SA-2019-1434.NASL
description According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that Python
last seen 2020-06-01
modified 2020-06-02
plugin id 124937
published 2019-05-14
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/124937
title EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(124937);
  script_version("1.5");
  script_cvs_date("Date: 2020/01/17");

  script_cve_id(
    "CVE-2013-1752",
    "CVE-2013-4238",
    "CVE-2014-4616",
    "CVE-2014-7185",
    "CVE-2014-9365",
    "CVE-2016-0772",
    "CVE-2016-2183",
    "CVE-2016-5636",
    "CVE-2016-5699",
    "CVE-2017-1000158",
    "CVE-2018-1060",
    "CVE-2018-1061",
    "CVE-2018-14647",
    "CVE-2019-5010",
    "CVE-2019-9636",
    "CVE-2019-9948"
  );
  script_bugtraq_id(
    61738,
    63804,
    68119,
    70089,
    71639
  );

  script_name(english:"EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
  - It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer.(CVE-2016-0772)
  - A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution.(CVE-2016-5636)
  - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.(CVE-2016-2183)
  - The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data.(CVE-2014-9365)
  - An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.(CVE-2014-7185)
  - A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. An attacker could use this flaw to cause denial of service.(CVE-2018-1060)
  - The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.(CVE-2013-4238)
  - It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values.(CVE-2016-5699)
  - CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)(CVE-2017-1000158)
  - A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.(CVE-2018-1061)
  - It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.(CVE-2013-1752)
  - A flaw was found in the way the json module handled negative index argument passed to certain functions (such as raw_decode()). An attacker able to control index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory.(CVE-2014-4616)
  - urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.(CVE-2019-9948)
  - Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM.(CVE-2018-14647)
  - A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.(CVE-2019-5010)
  - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.(CVE-2019-9636)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1434
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?776f9511");
  script_set_attribute(attribute:"solution", value:
"Update the affected python packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tkinter");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["python-2.7.5-69.h19",
        "python-devel-2.7.5-69.h19",
        "python-libs-2.7.5-69.h19",
        "python-tools-2.7.5-69.h19",
        "tkinter-2.7.5-69.h19"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
}

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-1985-1.NASL
description Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. (CVE-2013-2099) Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2013-4238). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 70269
published 2013-10-02
reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/70269
title Ubuntu 12.10 / 13.04 : python3.3 vulnerabilities (USN-1985-1)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1985-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(70269);
  script_version("1.8");
  script_cvs_date("Date: 2019/09/19 12:54:29");

  script_cve_id("CVE-2013-2099", "CVE-2013-4238");
  script_bugtraq_id(59877, 61738);
  script_xref(name:"USN", value:"1985-1");

  script_name(english:"Ubuntu 12.10 / 13.04 : python3.3 vulnerabilities (USN-1985-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. (CVE-2013-2099) Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2013-4238). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1985-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected python3.3 and / or python3.3-minimal packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3.3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3.3-minimal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.10|13\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.10 / 13.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"12.10", pkgname:"python3.3", pkgver:"3.3.0-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"12.10", pkgname:"python3.3-minimal", pkgver:"3.3.0-1ubuntu0.1")) flag++;
if (ubuntu_check(osver:"13.04", pkgname:"python3.3", pkgver:"3.3.1-1ubuntu5.2")) flag++;
if (ubuntu_check(osver:"13.04", pkgname:"python3.3-minimal", pkgver:"3.3.1-1ubuntu5.2")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3.3 / python3.3-minimal");
}

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1982-1.NASL |
description | Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70266 |
published | 2013-10-02 |
reporter | Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/70266 |
title | Ubuntu 10.04 LTS : python2.6 vulnerability (USN-1982-1) |

NASL family | Amazon Linux Local Security Checks |
NASL id | ALA_ALAS-2013-220.NASL |
description | The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70224 |
published | 2013-10-01 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/70224 |
title | Amazon Linux AMI : python27 (ALAS-2013-220) |

NASL family | Misc. |
NASL id | VMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL |
description | The remote VMware ESXi host is version 5.1 prior to build 2323236. It is, therefore, affected by the following vulnerabilities in bundled third-party libraries : - Multiple vulnerabilities exist in the bundled Python library. (CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-1752, CVE-2013-4238) - Multiple vulnerabilities exist in the bundled GNU C Library (glibc). (CVE-2013-0242, CVE-2013-1914, CVE-2013-4332) - Multiple vulnerabilities exist in the bundled XML Parser library (libxml2). (CVE-2013-2877, CVE-2014-0191) - Multiple vulnerabilities exist in the bundled cURL library (libcurl). (CVE-2014-0015, CVE-2014-0138) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 79862 |
published | 2014-12-12 |
reporter | This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/79862 |
title | ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST) |

NASL family | Amazon Linux Local Security Checks |
NASL id | ALA_ALAS-2013-241.NASL |
description | It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70903 |
published | 2013-11-14 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/70903 |
title | Amazon Linux AMI : python26 (ALAS-2013-241) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2013-1582.NASL |
description | From Red Hat Security Advisory 2013:1582 : Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238) These updated python packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All users of python are advised to upgrade to these updated packages, which fix these issues and add this enhancement. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71128 |
published | 2013-11-29 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/71128 |
title | Oracle Linux 6 : python (ELSA-2013-1582) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2013-696.NASL |
description | This python update includes a SSL certificates fix. - handle NULL bytes in certain fields of SSL certificates (CVE-2013-4238, bnc#834601, CVE-2013-4238_py27.patch) |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75137 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75137 |
title | openSUSE Security Update : python (openSUSE-SU-2013:1438-1) |

NASL family | Windows |
NASL id | LIBREOFFICE_420.NASL |
description | A version of LibreOffice prior to 4.1.5 / 4.2.0 is installed on the remote Windows host. It is, therefore, reportedly affected by multiple vulnerabilities including a denial of service vulnerability related to Python. A remote attacker could use these flaws to cause a denial of service or to conduct spoofing attacks. Note that Nessus has not attempted to exploit these issues, but has instead relied only on the self-reported version number. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 73336 |
published | 2014-04-04 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/73336 |
title | LibreOffice < 4.1.5 / 4.2.0 Python Multiple Vulnerabilities |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2013-697.NASL |
description | This python update includes a SSL certificates fix. - handle NULL bytes in certain fields of SSL certificates (CVE-2013-4238, bnc#834601, CVE-2013-4238_py33.patch) |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75138 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75138 |
title | openSUSE Security Update : python3 (openSUSE-SU-2013:1439-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2020-0234-1.NASL |
description | This update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 133259 |
published | 2020-01-27 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/133259 |
title | SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2013-1582.NASL |
description | Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238) These updated python packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All users of python are advised to upgrade to these updated packages, which fix these issues and add this enhancement. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 71006 |
published | 2013-11-21 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/71006 |
title | RHEL 6 : python (RHSA-2013:1582) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2020-0114-1.NASL |
description | This update for python3 to version 3.6.10 fixes the following issues : CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 133036 |
published | 2020-01-17 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/133036 |
title | SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2013-694.NASL |
description | This python update includes a SSL certificates fix and other minor fixes. - disable test_io completely on ppc/ppc64 - handle NULL bytes in certain fields of SSL certificates (CVE-2013-4238, bnc#834601, CVE-2013-4238_py27.patch) - python & python-base Release numbers can differ, take that into account. See bnc#766778 comment 12. |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75135 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75135 |
title | openSUSE Security Update : python (openSUSE-SU-2013:1440-1) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2014-278.NASL |
description | Python was updated to 3.3.5 fixing bugs and security issues : - bugfix-only release, closes several security bugs - CVE-2013-1752 (bnc#856836) - DoS flaws with unbounded reads from network - disable SSLv2 by default - DoS on maliciously crafted zip files (CVE-2013-7338, bnc#869222) - CGIHttpRequestHandler directory traversal - gzip decompression bomb in xmlrpc client (CVE-2013-1753, bnc#856835) xmlrpc_gzip_33.patch - potential buffer overflow in recvfrom_into (CVE-2014-1912, bnc#863741) - hundreds of non-security-related bugfixes |
last seen | 2020-06-05 |
modified | 2014-06-13 |
plugin id | 75315 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75315 |
title | openSUSE Security Update : python3 (openSUSE-SU-2014:0498-1) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2013-1582.NASL |
description | Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully crafted certificate signed by an authority that the client trusts. (CVE-2013-4238) These updated python packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All users of python are advised to upgrade to these updated packages, which fix these issues and add this enhancement. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 79163 |
published | 2014-11-12 |
reporter | This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/79163 |
title | CentOS 6 : python (CESA-2013:1582) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1984-1.NASL |
description | Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. (CVE-2013-2099) Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2013-4238). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70268 |
published | 2013-10-02 |
reporter | Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/70268 |
title | Ubuntu 12.04 LTS / 12.10 : python3.2 vulnerabilities (USN-1984-1) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2020-86.NASL |
description | This update for python3 to version 3.6.10 fixes the following issues : - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). This update was imported from the SUSE:SLE-15:Update update project. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 133172 |
published | 2020-01-22 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/133172 |
title | openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_PYTHON-201402-140224.NASL |
description | This update for Python fixes the following security issues : - SSL module does not handle certificates that contain hostnames with NULL bytes. (CVE-2013-4238). (bnc#834601) - Various stdlib read flaws. (CVE-2013-1752) Additionally, the following non-security issues have been fixed:. (bnc#856836) - Turn off OpenSSL |
last seen | 2020-06-05 |
modified | 2014-03-07 |
plugin id | 72873 |
published | 2014-03-07 |
reporter | This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/72873 |
title | SuSE 11.3 Security Update : python (SAT Patch Number 8892) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1983-1.NASL |
description | Florian Weimer discovered that Python incorrectly handled matching multiple wildcards in ssl certificate hostnames. An attacker could exploit this to cause Python to consume resources, resulting in a denial of service. This issue only affected Ubuntu 13.04. (CVE-2013-2099) Ryan Sleevi discovered that Python did not properly handle certificates with NULL characters in the Subject Alternative Name field. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2013-4238). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70267 |
published | 2013-10-02 |
reporter | Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/70267 |
title | Ubuntu 12.04 LTS / 12.10 / 13.04 : python2.7 vulnerabilities (USN-1983-1) |

NASL family | Misc. |
NASL id | VMWARE_VMSA-2014-0012_REMOTE.NASL |
description | The remote VMware ESXi host is affected by multiple vulnerabilities : - Multiple denial of service vulnerabilities exist in Python function _read_status() in library httplib and in function readline() in libraries smtplib, ftplib, nntplib, imaplib, and poplib. A remote attacker can exploit these vulnerabilities to crash the module. (CVE-2013-1752) - A out-of-bounds read error exists in file parser.c in library libxml2 due to a failure to properly check the XML_PARSER_EOF state. An unauthenticated, remote attacker can exploit this, via a crafted document that abruptly ends, to cause a denial of service. (CVE-2013-2877) - A spoofing vulnerability exists in the Python SSL module in the ssl.match_hostname() function due to improper handling of the NULL character ( |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 87681 |
published | 2015-12-30 |
reporter | This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/87681 |
title | VMware ESXi Multiple Vulnerabilities (VMSA-2014-0012) |

NASL family | VMware ESX Local Security Checks |
NASL id | VMWARE_VMSA-2014-0012.NASL |
description | a. VMware vCSA cross-site scripting vulnerability VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMware would like to thank Tanya Secker of Trustwave SpiderLabs for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3797 to this issue. b. vCenter Server certificate validation issue vCenter Server does not properly validate the presented certificate when establishing a connection to a CIM Server residing on an ESXi host. This may allow for a Man-in-the-middle attack against the CIM service. VMware would like to thank The Google Security Team for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8371 to this issue. c. Update to ESXi libxml2 package libxml2 is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-2877 and CVE-2014-0191 to these issues. d. Update to ESXi Curl package Curl is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2014-0015 and CVE-2014-0138 to these issues. e. Update to ESXi Python package Python is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-1752 and CVE-2013-4238 to these issues. f. vCenter and Update Manager, Oracle JRE 1.6 Update 81 Oracle has documented the CVE identifiers that are addressed in JRE 1.6.0 update 81 in the Oracle Java SE Critical Patch Update Advisory of July 2014. The References section provides a link to this advisory. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 79762 |
published | 2014-12-06 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/79762 |
title | VMSA-2014-0012 : VMware vSphere product updates address security vulnerabilities |
Seebug
bulletinFamily | exploit |
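description | CVE ID: CVE-2013-1752, CVE-2013-4238 Python is an open-source scripting language. Python contains multiple security vulnerabilities that allow remote attackers to conduct spoofing attacks and denial-of-service attacks. 1. The Python SSL module does not correctly handle null bytes in the "subjectAltNames" common name of a server's SSL certificate, allowing an attacker to spoof a server through a man-in-the-middle attack and obtain sensitive information. 2. Unrestricted calls to "readline()" in Lib/httplib.py can consume large amounts of memory, resulting in a denial of service. 3. Unrestricted calls to "readline()" in Lib/ftplib.py can consume large amounts of memory, resulting in a denial of service. 4. Unrestricted calls to "readline()" in Lib/imaplib.py can consume large amounts of memory, resulting in a denial of service. 5. Unrestricted calls to "readline()" in Lib/nntplib.py can consume large amounts of memory, resulting in a denial of service. 6. Unrestricted calls to "readline()" in Lib/poplib.py can consume large amounts of memory, resulting in a denial of service. 7. Unrestricted calls to "readline()" in Lib/smtplib.py can consume large amounts of memory, resulting in a denial of service. 0 Python 2.6.x Vendor patch: Python ----- Python 2.6.9 fixes this vulnerability; users are advised to download the update: http://www.python.org |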
id | SSV:61235 |
last seen | 2017-11-19 |
modified | 2013-12-30 |
published | 2013-12-30 |
reporter | Root |
title | Multiple Python security vulnerabilities |
References
- http://bugs.python.org/issue18709
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00029.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00043.html
- http://rhn.redhat.com/errata/RHSA-2013-1582.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://www.debian.org/security/2014/dsa-2880
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.ubuntu.com/usn/USN-1982-1
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://bugzilla.redhat.com/show_bug.cgi?id=996381