Vulnerabilities > CVE-2013-4346 - Cryptographic Issues vulnerability in Urbanairship Python-Oauth2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2014-10809.NASL description Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-09-29 plugin id 77925 published 2014-09-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77925 title Fedora 21 : python-oauth2-1.5.211-7.fc21 (2014-10809) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-10809. # include("compat.inc"); if (description) { script_id(77925); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-4346", "CVE-2013-4347"); script_bugtraq_id(62386, 62388); script_xref(name:"FEDORA", value:"2014-10809"); script_name(english:"Fedora 21 : python-oauth2-1.5.211-7.fc21 (2014-10809)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1007746" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1007758" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138874.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?561645df" ); script_set_attribute( attribute:"solution", value:"Update the affected python-oauth2 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python-oauth2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC21", reference:"python-oauth2-1.5.211-7.fc21")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-oauth2"); }
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-425.NASL description The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute-force attack. last seen 2020-06-01 modified 2020-06-02 plugin id 78448 published 2014-10-15 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78448 title Amazon Linux AMI : python-oauth2 (ALAS-2014-425) NASL family Fedora Local Security Checks NASL id FEDORA_2014-12483.NASL description Actually apply patch to fix CVE-2013-4347 (thanks to Jason Green, Matt Wilson). Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-11-03 plugin id 78788 published 2014-11-03 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78788 title Fedora 21 : python-oauth2-1.5.211-8.fc21 (2014-12483) NASL family Fedora Local Security Checks NASL id FEDORA_2014-10786.NASL description Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-09-29 plugin id 77924 published 2014-09-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77924 title Fedora 20 : python-oauth2-1.5.211-7.fc20 (2014-10786) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1592.NASL description Red Hat Satellite 6.1 now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having an important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. This update provides Satellite 6.1 packages for Red Hat Enterprise Linux 6. For the full list of new features provided by Satellite 6.1 see the Release notes linked to in References section. (BZ#1201357) It was discovered that, in Foreman, the edit_users permission (for example, granted to the Manager role) allowed the user to edit admin user passwords. An attacker with the edit_users permission could use this flaw to access an admin user account, leading to an escalation of privileges. (CVE-2015-3235) It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie. (CVE-2015-3155) It was found that when making an SSL connection to an LDAP authentication source in Foreman, the remote server certificate was accepted without any verification against known certificate authorities, potentially making TLS connections vulnerable to man-in-the-middle attacks. (CVE-2015-1816) A flaw was found in the way Foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access. (CVE-2015-1844) A cross-site scripting (XSS) flaw was found in Foreman last seen 2020-06-01 modified 2020-06-02 plugin id 85716 published 2015-09-01 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85716 title RHEL 6 : Satellite Server (RHSA-2015:1592) NASL family Fedora Local Security Checks NASL id FEDORA_2014-12475.NASL description Actually apply patch to fix CVE-2013-4347 (thanks to Jason Green, Matt Wilson). Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-10-29 plugin id 78705 published 2014-10-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78705 title Fedora 20 : python-oauth2-1.5.211-8.fc20 (2014-12475) NASL family Fedora Local Security Checks NASL id FEDORA_2014-10784.NASL description Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-09-29 plugin id 77923 published 2014-09-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77923 title Fedora 19 : python-oauth2-1.5.211-7.fc19 (2014-10784) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1591.NASL description Red Hat Satellite 6.1 now available for Red Hat Enterprise Linux 7. Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. It performs provisioning and configuration management of predefined standard operating environments. This update provides Satellite 6.1 packages for Red Hat Enterprise Linux 7. For the full list of new features provided by Satellite 6.1 see the Release notes linked to in references section. (BZ#1201357) It was discovered that in Foreman the edit_users permissions (for example, granted to the Manager role) allowed the user to edit admin user passwords. An attacker with the edit_users permissions could use this flaw to access an admin user account, leading to an escalation of privileges. (CVE-2015-3235) It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie. (CVE-2015-3155) It was found that when making an SSL connection to an LDAP authentication source in Foreman, the remote server certificate was accepted without any verification against known certificate authorities, potentially making TLS connections vulnerable to man-in-the-middle attacks. (CVE-2015-1816) A flaw was found in the way foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access. (CVE-2015-1844) A cross-site scripting (XSS) flaw was found in Foreman last seen 2020-06-01 modified 2020-06-02 plugin id 85715 published 2015-09-01 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85715 title RHEL 7 : Satellite Server (RHSA-2015:1591) NASL family Fedora Local Security Checks NASL id FEDORA_2014-12536.NASL description Actually apply patch to fix CVE-2013-4347 (thanks to Jason Green, Matt Wilson). Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-10-29 plugin id 78706 published 2014-10-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78706 title Fedora 19 : python-oauth2-1.5.211-8.fc19 (2014-12536)
Redhat
rpms |
|