Vulnerabilities > CVE-2016-0772 - Protection Mechanism Failure vulnerability in Python
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | LOW |
Integrity impact | HIGH |
Availability impact | NONE |
Summary
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
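Added example, not code from this page, the Exploit-DB entry or CPython itself: the caller-side check that the affected versions omitted, written against Python 3's smtplib exception types. `starttls_or_fail`, `StubSession` and `probe` are hypothetical names, and the server replies are constructed so the check can be exercised offline.

```python
import smtplib
import ssl
from unittest import mock


def starttls_or_fail(session, context=None):
    """Upgrade an SMTP session to TLS and fail closed if that did not happen.

    Affected smtplib versions handed back the (code, message) tuple from
    STARTTLS without raising when the server answered anything but 220, so a
    blocked or rewritten STARTTLS left the session in plaintext and the caller
    went on to AUTH/DATA unencrypted. This wrapper (a hypothetical helper, not
    part of smtplib) restores the missing check and confirms the socket was
    really wrapped before returning.
    """
    code, message = session.starttls(context=context)
    if code != 220:
        # RFC 3207 reply codes other than 220 (454 temporary failure,
        # 501 syntax error) leave the channel unencrypted: refuse to continue.
        raise smtplib.SMTPResponseException(code, message)
    if not isinstance(session.sock, ssl.SSLSocket):
        raise smtplib.SMTPException("STARTTLS accepted but socket was not wrapped")
    return code, message


class StubSession:
    """Constructed stand-in for smtplib.SMTP so the check runs offline.

    `reply` is the (code, message) the fake server returns to STARTTLS.
    On 220 the stub swaps in an ssl.SSLSocket-typed mock, mirroring what the
    library does after a successful negotiation; otherwise the plaintext
    placeholder stays in place, which is the state the bug left callers in.
    """

    def __init__(self, reply):
        self.reply = reply
        self.sock = object()  # plaintext socket placeholder

    def starttls(self, context=None):
        code, message = self.reply
        if code == 220:
            self.sock = mock.Mock(spec=ssl.SSLSocket)
        return code, message


def probe(reply):
    """Run the wrapper against a stub server answering `reply` to STARTTLS.

    Returns ("tls", code) when the upgrade went through and
    ("refused", code) when the wrapper blocked a plaintext continuation.
    """
    try:
        code, _ = starttls_or_fail(StubSession(reply))
    except smtplib.SMTPResponseException as exc:
        return ("refused", exc.smtp_code)
    return ("tls", code)


if __name__ == "__main__":
    # Constructed replies: a cooperative server, and the 454 a client sees
    # when STARTTLS is refused or never reaches the real server.
    print(probe((220, b"2.0.0 Ready to start TLS")))   # ('tls', 220)
    print(probe((454, b"4.7.0 TLS not available")))    # ('refused', 454)
```

On patched interpreters the library raises on a non-220 reply itself; the wrapper makes the failure explicit for code that may still run on an older smtplib.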
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Accessing Functionality Not Properly Constrained by ACLs In applications, particularly web applications, access to functionality is mitigated by the authorization framework, whose job it is to map ACLs to elements of the application's functionality; particularly URLs for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that he is otherwise not supposed to.
- Clickjacking In a clickjacking attack the victim is tricked into unknowingly initiating some action in one system while interacting with the UI from a seemingly completely different system. While being logged in to some target system, the victim visits the attacker's malicious site, which displays a UI that the victim wishes to interact with. In reality, the clickjacked page has a transparent layer above the visible UI with action controls that the attacker wishes the victim to execute. The victim clicks on buttons or other UI elements they see on the page, which actually triggers the action controls in the transparent overlaying layer. Depending on what that action control is, the attacker may have just tricked the victim into executing some potentially privileged (and most certainly undesired) functionality in the target system to which the victim is authenticated. The basic problem here is that there is a dichotomy between what the victim thinks he or she is clicking on versus what he or she is actually clicking on.
- Cross Site Tracing Cross Site Tracing (XST) enables an attacker to steal the victim's session cookie and possibly other authentication credentials transmitted in the header of the HTTP request when the victim's browser communicates with the destination system's web server. The attacker first gets a malicious script to run in the victim's browser that induces the browser to initiate an HTTP TRACE request to the web server. If the destination web server allows HTTP TRACE requests, it will proceed to return a response to the victim's web browser that contains the original HTTP request in its body. The function of HTTP TRACE, as defined by the HTTP specification, is to echo the request that the web server receives from the client back to the client. Since the HTTP header of the original request had the victim's session cookie in it, that session cookie can now be picked off the HTTP TRACE response and sent to the attacker's malicious site. XST becomes relevant when direct access to the session cookie via the "document.cookie" object is disabled with the use of the httpOnly attribute, which ensures that the cookie can be transmitted in HTTP requests but cannot be accessed in other ways. Using SSL does not protect against XST. If the system with which the victim is interacting is susceptible to XSS, an attacker can exploit that weakness directly to get his or her malicious script to issue an HTTP TRACE request to the destination system's web server. In the absence of an XSS weakness on the site with which the victim is interacting, an attacker can get the script to come from a site that he controls and get it to execute in the victim's browser (if he can trick the victim into visiting his malicious website or clicking on the link that he supplies). However, in that case, due to the same origin policy protection mechanism in the browser, the attacker's malicious script cannot directly issue an HTTP TRACE request to the destination system's web server because the malicious script did not originate at that domain. An attacker will then need to find a way to exploit another weakness that would enable him or her to get around the same origin policy protection.
- Directory Indexing An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
- Dictionary-based Password Attack An attacker tries each of the words in a dictionary as passwords to gain access to the system via some user's account. If the password chosen by the user was a word within the dictionary, this attack will be successful (in the absence of other mitigations). This is a specific instance of the password brute forcing attack pattern.
Exploit-Db
description | Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping. CVE-2016-0772. Local exploit for Multiple platform |
id | EDB-ID:43500 |
last seen | 2018-01-24 |
modified | 2016-07-03 |
published | 2016-07-03 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43500/ |
title | Python smtplib 2.7.11 / 3.4.4 / 3.5.1 - Man In The Middle StartTLS Stripping |
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2016-105B80D1BE.NASL |
description | Security fix for CVE-2016-0772 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2016-07-15 |
plugin id | 92230 |
published | 2016-07-15 |
reporter | This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/92230 |
title | Fedora 24 : python3 (2016-105b80d1be) |
code |

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2016-105b80d1be.
#

include("compat.inc");

if (description)
{
  script_id(92230);
  script_version("2.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-0772");
  script_xref(name:"FEDORA", value:"2016-105b80d1be");

  script_name(english:"Fedora 24 : python3 (2016-105b80d1be)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Security fix for CVE-2016-0772

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-105b80d1be");
  script_set_attribute(attribute:"solution", value:"Update the affected python3 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC24", reference:"python3-3.5.1-9.fc24")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
}
```
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2016-AAE6BB9433.NASL |
description | Security fix for CVE-2016-0772 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2016-07-15 |
plugin id | 92279 |
published | 2016-07-15 |
reporter | This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/92279 |
title | Fedora 23 : pypy (2016-aae6bb9433) |
code |

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2016-aae6bb9433.
#

include("compat.inc");

if (description)
{
  script_id(92279);
  script_version("2.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-0772");
  script_xref(name:"FEDORA", value:"2016-aae6bb9433");

  script_name(english:"Fedora 23 : pypy (2016-aae6bb9433)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Security fix for CVE-2016-0772

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-aae6bb9433");
  script_set_attribute(attribute:"solution", value:"Update the affected pypy package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pypy");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC23", reference:"pypy-4.0.1-3.fc23")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pypy");
}
```
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2016-6C2B74BB96.NASL |
description | Security fixes for CVE-2016-0772 and CVE-2016-5699 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2016-07-15 |
plugin id | 92254 |
published | 2016-07-15 |
reporter | This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/92254 |
title | Fedora 24 : pypy3 (2016-6c2b74bb96) |
code |

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2016-6c2b74bb96.
#

include("compat.inc");

if (description)
{
  script_id(92254);
  script_version("2.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-0772", "CVE-2016-5699");
  script_xref(name:"FEDORA", value:"2016-6c2b74bb96");

  script_name(english:"Fedora 24 : pypy3 (2016-6c2b74bb96)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Security fixes for CVE-2016-0772 and CVE-2016-5699

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c2b74bb96");
  script_set_attribute(attribute:"solution", value:"Update the affected pypy3 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pypy3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC24", reference:"pypy3-2.4.0-6.fc24")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pypy3");
}
```
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2016-2869023091.NASL |
description | Security fix for CVE-2016-0772 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2016-07-14 |
plugin id | 92070 |
published | 2016-07-14 |
reporter | This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/92070 |
title | Fedora 24 : python (2016-2869023091) |
code |

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2016-2869023091.
#

include("compat.inc");

if (description)
{
  script_id(92070);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-0772");
  script_xref(name:"FEDORA", value:"2016-2869023091");

  script_name(english:"Fedora 24 : python (2016-2869023091)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Security fix for CVE-2016-0772

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-2869023091");
  script_set_attribute(attribute:"solution", value:"Update the affected python package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC24", reference:"python-2.7.11-6.fc24")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
}
```
NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2016-2270-1.NASL |
description | This update for python fixes the following issues : - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 93438 |
published | 2016-09-12 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/93438 |
title | SUSE SLES11 Security Update : python (SUSE-SU-2016:2270-1) (httpoxy) |
code |

```nasl
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:2270-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(93438);
  script_version("2.8");
  script_cvs_date("Date: 2019/09/11 11:22:13");

  script_cve_id("CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5699");

  script_name(english:"SUSE SLES11 Security Update : python (SUSE-SU-2016:2270-1) (httpoxy)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"This update for python fixes the following issues :

  - CVE-2016-0772: smtplib vulnerability opens startTLS
    stripping attack (bsc#984751)

  - CVE-2016-5699: incorrect validation of HTTP headers
    allow header injection (bsc#985348)

  - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed
    by disregarding HTTP_PROXY when REQUEST_METHOD is also
    set (bsc#989523)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=984751");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=985348");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=989523");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0772/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-1000110/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5699/");
  # https://www.suse.com/support/update/announcement/2016/suse-su-20162270-1/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6830fb0d");
  script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
patch sdksp4-python-12735=1

SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
slessp4-python-12735=1

SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
dbgsp4-python-12735=1

To bring your system up-to-date, use 'zypper patch'.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython2_6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython2_6-1_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-curses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-gdbm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-idle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-tk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-xml");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/12");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);

flag = 0;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libpython2_6-1_0-32bit-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"python-32bit-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"python-base-32bit-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libpython2_6-1_0-32bit-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"python-32bit-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"python-base-32bit-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"libpython2_6-1_0-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"python-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"python-base-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"python-curses-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"python-demo-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"python-gdbm-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"python-idle-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"python-tk-2.6.9-39.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"python-xml-2.6.9-39.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
}
```
NASL family Fedora Local Security Checks
NASL id FEDORA_2016-B046B56518.NASL
description Security fixes for CVE-2016-0772 and CVE-2016-5699 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-05
modified 2016-07-15
plugin id 92281
published 2016-07-15
reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/92281
title Fedora 22 : pypy3 (2016-b046b56518)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2016-b046b56518.
#

include("compat.inc");

if (description)
{
  script_id(92281);
  script_version("2.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-0772", "CVE-2016-5699");
  script_xref(name:"FEDORA", value:"2016-b046b56518");

  script_name(english:"Fedora 22 : pypy3 (2016-b046b56518)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Security fixes for CVE-2016-0772 and CVE-2016-5699

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-b046b56518"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected pypy3 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pypy3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/07/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC22", reference:"pypy3-2.4.0-3.fc22")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pypy3");
}
NASL family CGI abuses
NASL id SPLUNK_650.NASL
description According to its self-reported version number, the version of Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.17, 6.0.x prior to 6.0.13, 6.1.x prior to 6.1.12, 6.2.x prior to 6.2.12, 6.3.x prior to 6.3.8, or 6.4.x prior to 6.4.4; or else it is Splunk Light prior to 6.5.0. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in Python, specifically in the get_data() function within file Modules/zipimport.c, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via negative data size values, to cause a denial of service condition or the possible execution of arbitrary code. (CVE-2016-5636) - A CRLF injection vulnerability exists in Python, specifically in the HTTPConnection.putheader() function within file Modules/zipimport.c. An unauthenticated, remote attacker can exploit this to inject arbitrary HTTP headers via CRLF sequences in a URL, allowing cross-site scripting (XSS) and other attacks. (CVE-2016-5699) - A flaw exists in Python within the smtplib library due to a failure to properly raise exceptions when smtp servers are able to negotiate starttls but fail to respond properly. A man-in-the-middle attacker can exploit this issue to bypass TLS protections via a
last seen 2020-06-01
modified 2020-06-02
plugin id 94932
published 2016-11-17
reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/94932
title Splunk Enterprise < 5.0.17 / 6.0.13 / 6.1.12 / 6.2.12 / 6.3.8 / 6.4.4 or Splunk Light < 6.5.0 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(94932);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id("CVE-2016-0772", "CVE-2016-5636", "CVE-2016-5699");
  script_bugtraq_id(91225, 91226, 91247);

  script_name(english:"Splunk Enterprise < 5.0.17 / 6.0.13 / 6.1.12 / 6.2.12 / 6.3.8 / 6.4.4 or Splunk Light < 6.5.0 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Splunk Enterprise and Light.");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote web server is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the version of Splunk
Enterprise hosted on the remote web server is 5.0.x prior to 5.0.17,
6.0.x prior to 6.0.13, 6.1.x prior to 6.1.12, 6.2.x prior to 6.2.12,
6.3.x prior to 6.3.8, or 6.4.x prior to 6.4.4; or else it is Splunk
Light prior to 6.5.0. It is, therefore, affected by multiple
vulnerabilities :

  - A heap buffer overflow condition exists in Python,
    specifically in the get_data() function within file
    Modules/zipimport.c, due to improper validation of
    user-supplied input. An unauthenticated, remote attacker
    can exploit this, via negative data size values, to
    cause a denial of service condition or the possible
    execution of arbitrary code. (CVE-2016-5636)

  - A CRLF injection vulnerability exists in Python,
    specifically in the HTTPConnection.putheader() function
    within file Modules/zipimport.c. An unauthenticated,
    remote attacker can exploit this to inject arbitrary
    HTTP headers via CRLF sequences in a URL, allowing
    cross-site scripting (XSS) and other attacks.
    (CVE-2016-5699)

  - A flaw exists in Python within the smtplib library due
    to a failure to properly raise exceptions when smtp
    servers are able to negotiate starttls but fail to
    respond properly. A man-in-the-middle attacker can
    exploit this issue to bypass TLS protections via a
    'StartTLS stripping attack.' (CVE-2016-0772)

  - An HTTP request injection vulnerability exists in Splunk
    that permits leakage of authentication tokens. An
    unauthenticated, remote attacker can exploit this to
    access the Splunk REST API with the same rights as the
    user.

Note that the Python vulnerabilities stated above do not affect the
Splunk Enterprise 6.4.x versions, and the HTTP request injection
vulnerability does not affect the Splunk Light versions.");
  script_set_attribute(attribute:"see_also", value:"https://www.splunk.com/view/SP-CAAAPSR");
  script_set_attribute(attribute:"solution", value:
"Upgrade Splunk Enterprise to version 5.0.17 / 6.0.13 / 6.1.12 / 6.2.12
/ 6.3.8 / 6.4.4 or later, or Splunk Light to version 6.5.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/11/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/17");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:splunk:splunk");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("splunkd_detect.nasl", "splunk_web_detect.nasl");
  script_require_keys("installed_sw/Splunk");
  script_require_ports("Services/www", 8089, 8000);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "Splunk";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:8000, embedded:TRUE);

install = get_single_install(
  app_name : app,
  port     : port,
  exit_if_unknown_ver : TRUE
);

dir = install['path'];
ver = install['version'];
license = install['License'];
fix = FALSE;

install_url = build_url(qs:dir, port:port);

if (license == "Enterprise")
{
  # 5.0.x < 5.0.17
  if (ver =~ "^5\.0($|[^0-9])")
    fix = '5.0.17';
  # 6.0.x < 6.0.13
  else if (ver =~ "^6\.0($|[^0-9])")
    fix = '6.0.13';
  # 6.1.x < 6.1.12
  else if (ver =~ "^6\.1($|[^0-9])")
    fix = '6.1.12';
  # 6.2.x < 6.2.12
  else if (ver =~ "^6\.2($|[^0-9])")
    fix = '6.2.12';
  # 6.3.x < 6.3.8
  else if (ver =~ "^6\.3($|[^0-9])")
    fix = '6.3.8';
  # 6.4.x < 6.4.4
  else if (ver =~ "^6\.4($|[^0-9])")
    fix = '6.4.4';
}
else if (license == "Light")
{
  # any < 6.5.0
  fix = '6.5.0';
}

if (fix && ver_compare(ver:ver,fix:fix,strict:FALSE) < 0)
{
  order = make_list("URL", "Installed version", "Fixed version");
  report = make_array(
    order[0], install_url,
    order[1], ver + " " + license,
    order[2], fix + " " + license
  );
  report = report_items_str(report_items:report, ordered_fields:order);

  security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
  exit(0);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver + " " + license);
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2016-1626.NASL
description An update for python is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110) * It was found that Python
last seen 2020-06-01
modified 2020-06-02
plugin id 93039
published 2016-08-19
reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/93039
title RHEL 6 / 7 : python (RHSA-2016:1626) (httpoxy)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2016:1626. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(93039);
  script_version("2.15");
  script_cvs_date("Date: 2019/10/24 15:35:41");

  script_cve_id("CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5699");
  script_xref(name:"RHSA", value:"2016:1626");

  script_name(english:"RHEL 6 / 7 : python (RHSA-2016:1626) (httpoxy)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update for python is now available for Red Hat Enterprise Linux 6
and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Python is an interpreted, interactive, object-oriented programming
language, which includes modules, classes, exceptions, very high level
dynamic data types and dynamic typing. Python supports interfaces to
many system calls and libraries, as well as to various windowing
systems.

Security Fix(es) :

* It was discovered that the Python CGIHandler class did not properly
protect against the HTTP_PROXY variable name clash in a CGI context. A
remote attacker could possibly use this flaw to redirect HTTP requests
performed by a Python CGI script to an attacker-controlled proxy via a
malicious HTTP request. (CVE-2016-1000110)

* It was found that Python's smtplib library did not return an
exception when StartTLS failed to be established in the
SMTP.starttls() function. A man in the middle attacker could strip out
the STARTTLS command without generating an exception on the Python
SMTP client application, preventing the establishment of the TLS
layer. (CVE-2016-0772)

* It was found that the Python's httplib library (used by urllib,
urllib2 and others) did not properly check HTTPConnection.putheader()
function arguments. An attacker could use this flaw to inject
additional headers in a Python application that allowed user provided
header names or values. (CVE-2016-5699)

Red Hat would like to thank Scott Geary (VendHQ) for reporting
CVE-2016-1000110."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2016:1626"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-0772"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-1000110"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-5699"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tkinter");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/19");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x / 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2016:1626";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", reference:"python-debuginfo-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", reference:"python-devel-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", reference:"python-libs-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-test-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-test-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-test-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-tools-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-tools-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-tools-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"tkinter-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"tkinter-2.6.6-66.el6_8")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"tkinter-2.6.6-66.el6_8")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-2.7.5-38.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-2.7.5-38.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-debug-2.7.5-38.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-debug-2.7.5-38.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", reference:"python-debuginfo-2.7.5-38.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-devel-2.7.5-38.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-devel-2.7.5-38.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", reference:"python-libs-2.7.5-38.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-test-2.7.5-38.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-test-2.7.5-38.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-tools-2.7.5-38.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-tools-2.7.5-38.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"tkinter-2.7.5-38.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"tkinter-2.7.5-38.el7_2")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-debug / python-debuginfo / python-devel / etc");
  }
}
NASL family SuSE Local Security Checks
NASL id SUSE_SU-2016-2653-1.NASL
description This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed : - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user-supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751) - CVE-2016-5636: A heap overflow in Python
last seen 2020-06-01
modified 2020-06-02
plugin id 94321
published 2016-10-27
reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/94321
title SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2653-1) (httpoxy)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2016:2653-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(94321);
  script_version("2.7");
  script_cvs_date("Date: 2019/09/11 11:22:14");

  script_cve_id("CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2653-1) (httpoxy)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update provides Python 3.4.5, which brings many fixes and
enhancements.

The following security issues have been fixed :

  - CVE-2016-1000110: CGIHandler could have allowed setting
    of HTTP_PROXY environment variable based on
    user-supplied Proxy request header. (bsc#989523)

  - CVE-2016-0772: A vulnerability in smtplib could have
    allowed a MITM attacker to perform a startTLS stripping
    attack. (bsc#984751)

  - CVE-2016-5636: A heap overflow in Python's zipimport
    module. (bsc#985177)

  - CVE-2016-5699: A header injection flaw in
    urrlib2/urllib/httplib/http.client. (bsc#985348)

The update also includes the following non-security fixes :

  - Don't force 3rd party C extensions to be built with
    -Werror=declaration-after-statement. (bsc#951166)

  - Make urllib proxy var handling behave as usual on POSIX.
    (bsc#983582)

For a comprehensive list of changes please refer to the upstream
change log: https://docs.python.org/3.4/whatsnew/changelog.html

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=951166"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=983582"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=984751"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=985177"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=985348"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=989523"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=991069"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://docs.python.org/3.4/whatsnew/changelog.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-0772/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-1000110/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-5636/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-5699/"
  );
  # https://www.suse.com/support/update/announcement/2016/suse-su-20162653-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7015bb76"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
patch SUSE-SLE-SDK-12-SP1-2016-1558=1

SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2016-1558=1

SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
SUSE-SLE-Module-Web-Scripting-12-2016-1558=1

SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP1-2016-1558=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_4m1_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_4m1_0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/27");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"1", reference:"libpython3_4m1_0-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"libpython3_4m1_0-debuginfo-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"python3-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"python3-base-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"python3-base-debuginfo-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"python3-base-debugsource-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"python3-debuginfo-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"python3-debugsource-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"libpython3_4m1_0-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"libpython3_4m1_0-debuginfo-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"python3-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"python3-base-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"python3-base-debuginfo-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"python3-base-debugsource-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"python3-debuginfo-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"python3-debugsource-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpython3_4m1_0-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpython3_4m1_0-debuginfo-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-base-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-base-debuginfo-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-base-debugsource-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-debuginfo-3.4.5-17.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-debugsource-3.4.5-17.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
}
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-13BE2EE499.NASL
description: Security fix for CVE-2016-0772
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-07-15
plugin id: 92231
published: 2016-07-15
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92231
title: Fedora 24 : pypy (2016-13be2ee499)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2016-1036.NASL
description: According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
  - It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)
  - It was found that Python
last seen: 2020-05-21
modified: 2017-05-01
plugin id: 99799
published: 2017-05-01
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/99799
title: EulerOS 2.0 SP1 : python (EulerOS-SA-2016-1036)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-522.NASL
description:
  - CVE-2016-0772 A vulnerability in smtplib allowing a MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end (smtp server) is capable of negotiating starttls but fails to respond with 220 (ok) to an explicit call of SMTP.starttls(). This may allow a malicious MITM to perform a startTLS stripping attack if the client code does not explicitly check the response code for startTLS.
  - CVE-2016-5636 Issue #26171: Fix possible integer overflow and heap corruption in zipimporter.get_data().
  - CVE-2016-5699 Protocol injection can occur not only if an application sets a header based on user-supplied values, but also if the application ever tries to fetch a URL specified by an attacker (SSRF case) OR if the application ever accesses any malicious web server (redirection case).
  For Debian 7
last seen: 2020-03-17
modified: 2016-06-22
plugin id: 91733
published: 2016-06-22
reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/91733
title: Debian DLA-522-1 : python2.7 security update

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-34CA5273E9.NASL
description: Security fixes for CVE-2016-0772 and CVE-2016-5699
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-07-15
plugin id: 92240
published: 2016-07-15
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92240
title: Fedora 23 : pypy3 (2016-34ca5273e9)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1434.NASL
description: According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
  - It was found that Python
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124937
published: 2019-05-14
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124937
title: EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-A0853405EB.NASL
description: Security fix for CVE-2016-0772
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-07-15
plugin id: 92274
published: 2016-07-15
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92274
title: Fedora 23 : python (2016-a0853405eb)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-E37F15A5F4.NASL
description: Security fix for CVE-2016-0772
  ----
  Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data()
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-07-15
plugin id: 92295
published: 2016-07-15
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92295
title: Fedora 22 : python (2016-e37f15a5f4)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2016-724.NASL
description: It was found that Python
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 92471
published: 2016-07-21
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92471
title: Amazon Linux AMI : python26 / python27,python34 (ALAS-2016-724)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1663.NASL
description: This DLA fixes a problem parsing x509 certificates, a pickle integer overflow, and some other minor issues :
  CVE-2016-0772 The smtplib library in CPython does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 122036
published: 2019-02-08
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/122036
title: Debian DLA-1663-1 : python3.4 security update

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_8D5368EF40FE11E6B2ECB499BAEBFEAF.NASL
description: Red Hat reports :
  A vulnerability in smtplib allowing a MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end (smtp server) is capable of negotiating starttls but fails to respond with 220 (ok) to an explicit call of SMTP.starttls(). This may allow a malicious MITM to perform a startTLS stripping attack if the client code does not explicitly check the response code for startTLS.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 91931
published: 2016-07-05
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/91931
title: FreeBSD : Python -- smtplib StartTLS stripping vulnerability (8d5368ef-40fe-11e6-b2ec-b499baebfeaf)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2016-1626.NASL
description: From Red Hat Security Advisory 2016:1626 :
  An update for python is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
  Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
  Security Fix(es) :
  * It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)
  * It was found that Python
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 93034
published: 2016-08-19
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/93034
title: Oracle Linux 6 / 7 : python (ELSA-2016-1626) (httpoxy)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2016-2106-1.NASL
description: This update for python fixes the following issues :
  - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751)
  - CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177)
  - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348)
  - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523)
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 93300
published: 2016-09-02
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/93300
title: SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2016:2106-1) (httpoxy)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-0223-1.NASL
description: This update for python fixes the following issues :
  Security issues fixed :
  - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751)
  - CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177)
  - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348)
  - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523)
  - CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 121570
published: 2019-02-04
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/121570
title: SUSE SLES12 Security Update : python (SUSE-SU-2019:0223-1) (httpoxy)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2020-0234-1.NASL
description: This update for python fixes the following issues :
  Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035).
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133259
published: 2020-01-27
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133259
title: SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2020-0114-1.NASL
description: This update for python3 to version 3.6.10 fixes the following issues :
  - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).
  - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).
  - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133036
published: 2020-01-17
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133036
title: SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2016-906.NASL
description: Python was updated to fix three security issues.
  The following vulnerabilities were fixed :
  - CVE-2016-0772: TLS stripping attack on smtplib (bsc#984751)
  - CVE-2016-5636: zipimporter heap overflow (bsc#985177)
  - CVE-2016-5699: httplib header injection (bsc#985348)
  This update also includes all upstream bug fixes and improvements in Python 2.7.12.
  It also includes the following packaging changes :
  - reintroduce support for CA directory path
  The following tracked packaging issues were fixed :
  - broken overflow checks (bsc#964182)
last seen: 2020-06-05
modified: 2016-07-28
plugin id: 92595
published: 2016-07-28
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92595
title: openSUSE Security Update : python (openSUSE-2016-906)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-3134-1.NASL
description: It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772)
  Remi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this to cause a CGI application to redirect outgoing HTTP requests. (CVE-2016-1000110)
  Insu Yun discovered an integer overflow in the zipimporter module in Python that could lead to a heap-based overflow. An attacker could use this to craft a special zip file that when read by Python could possibly execute arbitrary code. (CVE-2016-5636)
  Guido Vranken discovered that the urllib modules in Python did not properly handle carriage return line feed (CRLF) in headers. A remote attacker could use this to craft URLs that inject arbitrary HTTP headers. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5699).
  Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 95284
published: 2016-11-23
reporter: Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/95284
title: Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : python2.7, python3.2, python3.4, python3.5 vulnerabilities (USN-3134-1) (httpoxy)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20160818_PYTHON_ON_SL6_X.NASL
description: Security Fix(es) :
  - It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)
  - It was found that Python
last seen: 2020-03-18
modified: 2016-08-22
plugin id: 93072
published: 2016-08-22
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/93072
title: Scientific Linux Security Update : python on SL6.x, SL7.x i386/x86_64 (20160818) (httpoxy)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2016-0099.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates :
  - Add Oracle Linux distribution in platform.py [orabug 21288328] (Keshav Sharma)
  - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz#1359161
  - Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647) Raise an error when STARTTLS fails (upstream patch)
  - Fix for CVE-2016-5699 python: http protocol stream injection attack (rhbz#1303699) Disabled HTTP header injections in httplib (upstream patch) Resolves: rhbz#1346354
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 93038
published: 2016-08-19
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/93038
title: OracleVM 3.3 / 3.4 : python (OVMSA-2016-0099) (httpoxy)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-EF784CF9F7.NASL
description: Security fix for CVE-2016-5699
  ----
  Security fix for CVE-2016-0772
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-07-15
plugin id: 92301
published: 2016-07-15
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92301
title: Fedora 23 : python3 (2016-ef784cf9f7)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2020-86.NASL
description: This update for python3 to version 3.6.10 fixes the following issues :
  - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).
  - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).
  - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).
  This update was imported from the SUSE:SLE-15:Update update project.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133172
published: 2020-01-22
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133172
title: openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-871.NASL
description: It was discovered that there was a TLS stripping vulnerability in the smtplib library distributed with the CPython interpreter. The library did not return an error if StartTLS failed, which might have allowed man-in-the-middle attackers to bypass the TLS protections by leveraging a network position to block the StartTLS command.
  For Debian 7
last seen: 2020-03-17
modified: 2017-03-27
plugin id: 97966
published: 2017-03-27
reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/97966
title: Debian DLA-871-1 : python3.2 security update

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2016-5C52DCFE47.NASL
description: Security fix for CVE-2016-0772
  ----
  Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data()
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2016-07-15
plugin id: 92251
published: 2016-07-15
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/92251
title: Fedora 22 : python3 (2016-5c52dcfe47)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201701-18.NASL
description: The remote host is affected by the vulnerability described in GLSA-201701-18 (Python: Multiple vulnerabilities)
  Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details.
  Impact : A remote attacker could entice a user to open a specially crafted index file using Python’s dumbdbm module, possibly resulting in execution of arbitrary code with the privileges of the process. A remote attacker could entice a user to process a specially crafted input stream using Python’s zipimporter module, possibly allowing attackers to cause unspecified impact. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer.
  Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 96399
published: 2017-01-11
reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/96399
title: GLSA-201701-18 : Python: Multiple vulnerabilities

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2016-1626.NASL
description: An update for python is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
  Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
  Security Fix(es) :
  * It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)
  * It was found that Python
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 93029
published: 2016-08-19
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/93029
title: CentOS 6 / 7 : python (CESA-2016:1626) (httpoxy)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2016-997.NASL
description: This update for python3 fixes the following issues :
  - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user-supplied Proxy request header (fixes boo#989523, CVE-2016-1000110)
  - update to 3.4.5 check: https://docs.python.org/3.4/whatsnew/changelog.html (fixes boo#984751, CVE-2016-0772) (fixes boo#985177, CVE-2016-5636) (fixes boo#985348, CVE-2016-5699)
  - Bump DH parameters to 2048 bit to fix logjam security issue. boo#935856
  - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user-supplied Proxy request header: (fixes boo#989523, CVE-2016-1000110)
last seen: 2020-06-05
modified: 2016-08-22
plugin id: 93069
published: 2016-08-22
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/93069
title: openSUSE Security Update : python3 (openSUSE-2016-997) (httpoxy)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2016-2859-1.NASL
description: This update provides Python 3.4.5, which brings many fixes and enhancements.
  The following security issues have been fixed :
  - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user-supplied Proxy request header. (bsc#989523)
  - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751)
  - CVE-2016-5636: A heap overflow in Python
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 94969
published: 2016-11-18
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/94969
title: SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2859-1) (httpoxy)
References
- http://www.openwall.com/lists/oss-security/2016/06/14/9
- https://hg.python.org/cpython/rev/b3ce713fb9be
- https://bugzilla.redhat.com/show_bug.cgi?id=1303647
- https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5
- https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2
- https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS
- https://hg.python.org/cpython/rev/d590114c2394
- http://www.securityfocus.com/bid/91225
- http://www.splunk.com/view/SP-CAAAPUE
- http://www.splunk.com/view/SP-CAAAPSV
- https://security.gentoo.org/glsa/201701-18
- http://rhn.redhat.com/errata/RHSA-2016-1630.html
- http://rhn.redhat.com/errata/RHSA-2016-1629.html
- http://rhn.redhat.com/errata/RHSA-2016-1628.html
- http://rhn.redhat.com/errata/RHSA-2016-1627.html
- http://rhn.redhat.com/errata/RHSA-2016-1626.html
- https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html