Vulnerabilities > CVE-2016-5636 - Integer Overflow or Wraparound vulnerability in Python

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
python
CWE-190
critical
nessus

Summary

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

Vulnerable Configurations

Part Description Count
Application
Python
128

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-E63A732C9D.NASL
    descriptionCVE-2016-5636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-15
    plugin id92297
    published2016-07-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92297
    titleFedora 24 : python3 (2016-e63a732c9d)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-e63a732c9d.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92297);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5636");
      script_xref(name:"FEDORA", value:"2016-e63a732c9d");
    
      script_name(english:"Fedora 24 : python3 (2016-e63a732c9d)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "CVE-2016-5636
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-e63a732c9d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python3 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/07/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"python3-3.5.1-12.fc24")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-22EAB18150.NASL
    descriptionAdded patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-14
    plugin id92066
    published2016-07-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92066
    titleFedora 24 : python3 (2016-22eab18150)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-22eab18150.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92066);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5636");
      script_xref(name:"FEDORA", value:"2016-22eab18150");
    
      script_name(english:"Fedora 24 : python3 (2016-22eab18150)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Added patch for fixing possible integer overflow and heap corruption
    in zipimporter.get_data()
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-22eab18150"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python3 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"python3-3.5.1-8.fc24")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-EFF21665E7.NASL
    descriptionCVE-2016-5636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-18
    plugin id92336
    published2016-07-18
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92336
    titleFedora 23 : python (2016-eff21665e7)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-eff21665e7.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92336);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5636");
      script_xref(name:"FEDORA", value:"2016-eff21665e7");
    
      script_name(english:"Fedora 23 : python (2016-eff21665e7)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "CVE-2016-5636
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-eff21665e7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/07/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC23", reference:"python-2.7.11-7.fc23")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_10_12_4.NASL
    descriptionThe remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id99134
    published2017-03-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99134
    titlemacOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99134);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/13");
    
      script_cve_id(
        "CVE-2016-0736",
        "CVE-2016-2161",
        "CVE-2016-3619",
        "CVE-2016-4688",
        "CVE-2016-5387",
        "CVE-2016-5636",
        "CVE-2016-7056",
        "CVE-2016-7585",
        "CVE-2016-7922",
        "CVE-2016-7923",
        "CVE-2016-7924",
        "CVE-2016-7925",
        "CVE-2016-7926",
        "CVE-2016-7927",
        "CVE-2016-7928",
        "CVE-2016-7929",
        "CVE-2016-7930",
        "CVE-2016-7931",
        "CVE-2016-7932",
        "CVE-2016-7933",
        "CVE-2016-7934",
        "CVE-2016-7935",
        "CVE-2016-7936",
        "CVE-2016-7937",
        "CVE-2016-7938",
        "CVE-2016-7939",
        "CVE-2016-7940",
        "CVE-2016-7973",
        "CVE-2016-7974",
        "CVE-2016-7975",
        "CVE-2016-7983",
        "CVE-2016-7984",
        "CVE-2016-7985",
        "CVE-2016-7986",
        "CVE-2016-7992",
        "CVE-2016-7993",
        "CVE-2016-8574",
        "CVE-2016-8575",
        "CVE-2016-8740",
        "CVE-2016-8743",
        "CVE-2016-9533",
        "CVE-2016-9535",
        "CVE-2016-9536",
        "CVE-2016-9537",
        "CVE-2016-9538",
        "CVE-2016-9539",
        "CVE-2016-9540",
        "CVE-2016-9586",
        "CVE-2016-9935",
        "CVE-2016-10009",
        "CVE-2016-10010",
        "CVE-2016-10011",
        "CVE-2016-10012",
        "CVE-2016-10158",
        "CVE-2016-10159",
        "CVE-2016-10160",
        "CVE-2016-10161",
        "CVE-2017-2379",
        "CVE-2017-2381",
        "CVE-2017-2388",
        "CVE-2017-2390",
        "CVE-2017-2398",
        "CVE-2017-2401",
        "CVE-2017-2402",
        "CVE-2017-2403",
        "CVE-2017-2406",
        "CVE-2017-2407",
        "CVE-2017-2408",
        "CVE-2017-2409",
        "CVE-2017-2410",
        "CVE-2017-2413",
        "CVE-2017-2416",
        "CVE-2017-2417",
        "CVE-2017-2418",
        "CVE-2017-2420",
        "CVE-2017-2421",
        "CVE-2017-2422",
        "CVE-2017-2423",
        "CVE-2017-2425",
        "CVE-2017-2426",
        "CVE-2017-2427",
        "CVE-2017-2428",
        "CVE-2017-2429",
        "CVE-2017-2430",
        "CVE-2017-2431",
        "CVE-2017-2432",
        "CVE-2017-2435",
        "CVE-2017-2436",
        "CVE-2017-2437",
        "CVE-2017-2438",
        "CVE-2017-2439",
        "CVE-2017-2440",
        "CVE-2017-2441",
        "CVE-2017-2443",
        "CVE-2017-2448",
        "CVE-2017-2449",
        "CVE-2017-2450",
        "CVE-2017-2451",
        "CVE-2017-2456",
        "CVE-2017-2458",
        "CVE-2017-2461",
        "CVE-2017-2462",
        "CVE-2017-2467",
        "CVE-2017-2472",
        "CVE-2017-2473",
        "CVE-2017-2474",
        "CVE-2017-2477",
        "CVE-2017-2478",
        "CVE-2017-2482",
        "CVE-2017-2483",
        "CVE-2017-2485",
        "CVE-2017-2487",
        "CVE-2017-2489",
        "CVE-2017-2490",
        "CVE-2017-5029",
        "CVE-2017-5202",
        "CVE-2017-5203",
        "CVE-2017-5204",
        "CVE-2017-5205",
        "CVE-2017-5341",
        "CVE-2017-5342",
        "CVE-2017-5482",
        "CVE-2017-5483",
        "CVE-2017-5484",
        "CVE-2017-5485",
        "CVE-2017-5486",
        "CVE-2017-6974",
        "CVE-2017-7070"
      );
      script_bugtraq_id(
        85919,
        91247,
        91816,
        94572,
        94650,
        94742,
        94744,
        94745,
        94746,
        94747,
        94753,
        94754,
        94846,
        94968,
        94972,
        94975,
        94977,
        95019,
        95076,
        95077,
        95078,
        95375,
        95764,
        95768,
        95774,
        95783,
        95852,
        96767,
        97132,
        97134,
        97137,
        97140,
        97146,
        97147,
        97300,
        97301,
        97303
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-03-27-3");
      script_xref(name:"CERT", value:"797896");
      script_xref(name:"EDB-ID", value:"40961");
      script_xref(name:"EDB-ID", value:"40962");
    
      script_name(english:"macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)");
      script_summary(english:"Checks the version of macOS.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a macOS update that fixes multiple security
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of macOS that is 10.12.x prior to
    10.12.4. It is, therefore, affected by multiple vulnerabilities in
    multiple components, some of which are remote code execution
    vulnerabilities. An unauthenticated, remote attacker can exploit these
    remote code execution vulnerabilities by convincing a user to visit a
    specially crafted website, resulting in the execution of arbitrary
    code in the context of the current user. The affected components are
    as follows :
    
      - apache
      - apache_mod_php
      - AppleGraphicsPowerManagement
      - AppleRAID
      - Audio
      - Bluetooth
      - Carbon
      - CoreGraphics
      - CoreMedia
      - CoreText
      - curl
      - EFI
      - FinderKit
      - FontParser
      - HTTPProtocol
      - Hypervisor
      - iBooks
      - ImageIO
      - Intel Graphics Driver
      - IOATAFamily
      - IOFireWireAVC
      - IOFireWireFamily
      - Kernel
      - Keyboards
      - libarchive
      - libc++abi
      - LibreSSL
      - MCX Client
      - Menus
      - Multi-Touch
      - OpenSSH
      - OpenSSL
      - Printing
      - python
      - QuickTime
      - Security
      - SecurityFoundation
      - sudo
      - System Integrity Protection
      - tcpdump
      - tiffutil
      - WebKit");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207615");
      # https://lists.apple.com/archives/security-announce/2017/Mar/msg00004.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ddb4db4a");
      script_set_attribute(attribute:"see_also", value:"https://httpoxy.org");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to macOS version 10.12.4 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5636");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"in_the_news", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/31");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
      script_require_ports("Host/MacOSX/Version", "Host/OS");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    os = get_kb_item("Host/MacOSX/Version");
    if (!os)
    {
      os = get_kb_item_or_exit("Host/OS");
      if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");
    
      c = get_kb_item("Host/OS/Confidence");
      if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence.");
    }
    if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X");
    
    matches = eregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os);
    if (isnull(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "').");
    
    version = matches[1];
    if (version !~ "^10\.12($|[^0-9])") audit(AUDIT_OS_NOT, "Mac OS 10.12.x");
    
    fixed_version = "10.12.4";
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      security_report_v4(
        port:0,
        severity:SECURITY_HOLE,
        xss:TRUE,
        extra:
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version +
          '\n'
      );
    }
    else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);
    
  • NASL familyCGI abuses
    NASL idSPLUNK_650.NASL
    descriptionAccording to its self-reported version number, the version of Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.17, 6.0.x prior to 6.0.13, 6.1.x prior to 6.1.12, 6.2.x prior to 6.2.12, 6.3.x prior to 6.3.8, or 6.4.x prior to 6.4.4; or else it is Splunk Light prior to 6.5.0. It is, therefore, affected by multiple vulnerabilities : - A heap buffer overflow condition exists in Python, specifically in the get_data() function within file Modules/zipimport.c, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via negative data size values, to cause a denial of service condition or the possible execution of arbitrary code. (CVE-2016-5636) - A CRLF injection vulnerability exists in Python, specifically in the HTTPConnection.putheader() function within file Modules/zipimport.c. An unauthenticated, remote attacker can exploit this to inject arbitrary HTTP headers via CRLF sequences in a URL, allowing cross-site scripting (XSS) and other attacks. (CVE-2016-5699) - A flaw exists in Python within the smtplib library due to a failure to properly raise exceptions when smtp servers are able to negotiate starttls but fail to respond properly. A man-in-the-middle attacker can exploit this issue to bypass TLS protections via a
    last seen2020-06-01
    modified2020-06-02
    plugin id94932
    published2016-11-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94932
    titleSplunk Enterprise < 5.0.17 / 6.0.13 / 6.1.12 / 6.2.12 / 6.3.8 / 6.4.4 or Splunk Light < 6.5.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94932);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/14");
    
      script_cve_id("CVE-2016-0772", "CVE-2016-5636", "CVE-2016-5699");
      script_bugtraq_id(91225, 91226, 91247);
    
      script_name(english:"Splunk Enterprise < 5.0.17 / 6.0.13 / 6.1.12 / 6.2.12 / 6.3.8 / 6.4.4 or Splunk Light < 6.5.0 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of Splunk Enterprise and Light.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application running on the remote web server is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the version of Splunk
    Enterprise hosted on the remote web server is 5.0.x prior to 5.0.17,
    6.0.x prior to 6.0.13, 6.1.x prior to 6.1.12, 6.2.x prior to 6.2.12,
    6.3.x prior to 6.3.8, or 6.4.x prior to 6.4.4; or else it is Splunk
    Light prior to 6.5.0. It is, therefore, affected by multiple
    vulnerabilities :
    
      - A heap buffer overflow condition exists in Python,
        specifically in the get_data() function within file
        Modules/zipimport.c, due to improper validation of
        user-supplied input. An unauthenticated, remote attacker
        can exploit this, via negative data size values, to
        cause a denial of service condition or the possible
        execution of arbitrary code. (CVE-2016-5636)
    
      - A CRLF injection vulnerability exists in Python,
        specifically in the HTTPConnection.putheader() function
        within file Modules/zipimport.c. An unauthenticated,
        remote attacker can exploit this to inject arbitrary
        HTTP headers via CRLF sequences in a URL, allowing
        cross-site scripting (XSS) and other attacks.
        (CVE-2016-5699)
    
      - A flaw exists in Python within the smtplib library due
        to a failure to properly raise exceptions when smtp
        servers are able to negotiate starttls but fail to
        respond properly. A man-in-the-middle attacker can
        exploit this issue to bypass TLS protections via a
        'StartTLS stripping attack.' (CVE-2016-0772)
    
      - An HTTP request injection vulnerability exists in Splunk
        that permits leakage of authentication tokens. An
        unauthenticated, remote attacker can exploit this to
        access the Splunk REST API with the same rights as the
        user.
    
    Note that the Python vulnerabilities stated above do not affect the
    Splunk Enterprise 6.4.x versions, and the HTTP request injection
    vulnerability does not affect the Splunk Light versions.");
      script_set_attribute(attribute:"see_also", value:"https://www.splunk.com/view/SP-CAAAPSR");
      script_set_attribute(attribute:"solution", value:
    "Upgrade Splunk Enterprise to version 5.0.17 / 6.0.13 / 6.1.12 /
    6.2.12 / 6.3.8 / 6.4.4 or later, or Splunk Light to version 6.5.0 or
    later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/17");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:splunk:splunk");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("splunkd_detect.nasl", "splunk_web_detect.nasl");
      script_require_keys("installed_sw/Splunk");
      script_require_ports("Services/www", 8089, 8000);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("install_func.inc");
    
    app = "Splunk";
    
    get_install_count(app_name:app, exit_if_zero:TRUE);
    
    port = get_http_port(default:8000, embedded:TRUE);
    
    install = get_single_install(
      app_name : app,
      port     : port,
      exit_if_unknown_ver : TRUE
    );
    
    dir = install['path'];
    ver = install['version'];
    license = install['License'];
    fix = FALSE;
    
    install_url = build_url(qs:dir, port:port);
    
    if (license == "Enterprise")
    {
      # 5.0.x < 5.0.17
      if (ver =~ "^5\.0($|[^0-9])")
        fix = '5.0.17';
    
      # 6.0.x < 6.0.13
      else if (ver =~ "^6\.0($|[^0-9])")
        fix = '6.0.13';
    
      # 6.1.x < 6.1.12
      else if (ver =~ "^6\.1($|[^0-9])")
        fix = '6.1.12';
    
      # 6.2.x < 6.2.12
      else if (ver =~ "^6\.2($|[^0-9])")
        fix = '6.2.12';
    
      # 6.3.x < 6.3.8
      else if (ver =~ "^6\.3($|[^0-9])")
        fix = '6.3.8';
    
      # 6.4.x < 6.4.4
      else if (ver =~ "^6\.4($|[^0-9])")
        fix = '6.4.4';
    }
    else if (license == "Light")
    {
      # any < 6.5.0
      fix = '6.5.0';
    }
    
    if (fix && ver_compare(ver:ver,fix:fix,strict:FALSE) < 0)
    {
      order = make_list("URL", "Installed version", "Fixed version");
      report = make_array(
        order[0], install_url,
        order[1], ver + " " + license,
        order[2], fix + " " + license
      );
      report = report_items_str(report_items:report, ordered_fields:order);
    
      security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
      exit(0);
    }
    else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, ver + " " + license);
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20161103_PYTHON_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later
    last seen2020-03-18
    modified2016-12-15
    plugin id95857
    published2016-12-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95857
    titleScientific Linux Security Update : python on SL7.x x86_64 (20161103)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95857);
      script_version("3.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2016-5636");
    
      script_name(english:"Scientific Linux Security Update : python on SL7.x x86_64 (20161103)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - A vulnerability was discovered in Python, in the
        built-in zipimporter. A specially crafted zip file
        placed in a module path such that it would be loaded by
        a later 'import' statement could cause a heap overflow,
        leading to arbitrary code execution. (CVE-2016-5636)
    
    Additional Changes :"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=7169
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?475d7055"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-2.7.5-48.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-debug-2.7.5-48.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-debuginfo-2.7.5-48.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-devel-2.7.5-48.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-libs-2.7.5-48.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-test-2.7.5-48.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-tools-2.7.5-48.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"tkinter-2.7.5-48.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-debug / python-debuginfo / python-devel / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2653-1.NASL
    descriptionThis update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed : - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user-supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751) - CVE-2016-5636: A heap overflow in Python
    last seen2020-06-01
    modified2020-06-02
    plugin id94321
    published2016-10-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94321
    titleSUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2653-1) (httpoxy)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:2653-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94321);
      script_version("2.7");
      script_cvs_date("Date: 2019/09/11 11:22:14");
    
      script_cve_id("CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2653-1) (httpoxy)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update provides Python 3.4.5, which brings many fixes and
    enhancements. The following security issues have been fixed :
    
      - CVE-2016-1000110: CGIHandler could have allowed setting
        of HTTP_PROXY environment variable based on
        user-supplied Proxy request header. (bsc#989523)
    
      - CVE-2016-0772: A vulnerability in smtplib could have
        allowed a MITM attacker to perform a startTLS stripping
        attack. (bsc#984751)
    
      - CVE-2016-5636: A heap overflow in Python's zipimport
        module. (bsc#985177)
    
      - CVE-2016-5699: A header injection flaw in
        urrlib2/urllib/httplib/http.client. (bsc#985348) The
        update also includes the following non-security fixes :
    
      - Don't force 3rd party C extensions to be built with
    
        -Werror=declaration-after-statement. (bsc#951166)
    
      - Make urllib proxy var handling behave as usual on POSIX.
        (bsc#983582) For a comprehensive list of changes please
        refer to the upstream change log:
        https://docs.python.org/3.4/whatsnew/changelog.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=951166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=983582"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=984751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=985177"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=985348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=989523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=991069"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://docs.python.org/3.4/whatsnew/changelog.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-0772/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-1000110/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5636/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5699/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20162653-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7015bb76"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2016-1558=1
    
    SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2016-1558=1
    
    SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
    SUSE-SLE-Module-Web-Scripting-12-2016-1558=1
    
    SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP1-2016-1558=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_4m1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_4m1_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/27");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpython3_4m1_0-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libpython3_4m1_0-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python3-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python3-base-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python3-base-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python3-base-debugsource-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python3-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"python3-debugsource-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libpython3_4m1_0-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libpython3_4m1_0-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"python3-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"python3-base-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"python3-base-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"python3-base-debugsource-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"python3-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"python3-debugsource-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpython3_4m1_0-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libpython3_4m1_0-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-base-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-base-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-base-debugsource-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-debuginfo-3.4.5-17.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"python3-debugsource-3.4.5-17.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-2586.NASL
    descriptionAn update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later
    last seen2020-06-01
    modified2020-06-02
    plugin id95332
    published2016-11-28
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95332
    titleCentOS 7 : python (CESA-2016:2586)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:2586 and 
    # CentOS Errata and Security Advisory 2016:2586 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95332);
      script_version("3.5");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2016-5636");
      script_xref(name:"RHSA", value:"2016:2586");
    
      script_name(english:"CentOS 7 : python (CESA-2016:2586)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for python is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Low. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link (s) in the References section.
    
    Python is an interpreted, interactive, object-oriented programming
    language, which includes modules, classes, exceptions, very high level
    dynamic data types and dynamic typing. Python supports interfaces to
    many system calls and libraries, as well as to various windowing
    systems.
    
    Security Fix(es) :
    
    * A vulnerability was discovered in Python, in the built-in
    zipimporter. A specially crafted zip file placed in a module path such
    that it would be loaded by a later 'import' statement could cause a
    heap overflow, leading to arbitrary code execution. (CVE-2016-5636)
    
    Additional Changes :
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 7.3 Release Notes linked from the References section."
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003444.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?835bbe7e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5636");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-2.7.5-48.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-debug-2.7.5-48.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-devel-2.7.5-48.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-libs-2.7.5-48.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-test-2.7.5-48.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-tools-2.7.5-48.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"tkinter-2.7.5-48.el7")) flag++;
    
    
    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-debug / python-devel / python-libs / python-test / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-522.NASL
    description - CVE-2016-0772 A vulnerability in smtplib allowing MITM attacker to perform a startTLS stripping attack. smtplib does not seem to raise an exception when the remote end (smtp server) is capable of negotiating starttls but fails to respond with 220 (ok) to an explicit call of SMTP.starttls(). This may allow a malicious MITM to perform a startTLS stripping attack if the client code does not explicitly check the response code for startTLS. - CVE-2016-5636 Issue #26171: Fix possible integer overflow and heap corruption in zipimporter.get_data(). - CVE-2016-5699 Protocol injection can occur not only if an application sets a header based on user-supplied values, but also if the application ever tries to fetch a URL specified by an attacker (SSRF case) OR if the application ever accesses any malicious web server (redirection case). For Debian 7
    last seen2020-03-17
    modified2016-06-22
    plugin id91733
    published2016-06-22
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91733
    titleDebian DLA-522-1 : python2.7 security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1434.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that Python
    last seen2020-06-01
    modified2020-06-02
    plugin id124937
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124937
    titleEulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-D5917E939E.NASL
    descriptionAdded patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-14
    plugin id92175
    published2016-07-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92175
    titleFedora 24 : python (2016-d5917e939e)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-D3A529AAD6.NASL
    descriptionAdded patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-14
    plugin id92173
    published2016-07-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92173
    titleFedora 23 : python (2016-d3a529aad6)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-308F78B2F4.NASL
    descriptionCVE-2016-5636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-18
    plugin id92329
    published2016-07-18
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92329
    titleFedora 23 : python3 (2016-308f78b2f4)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-E37F15A5F4.NASL
    descriptionSecurity fix for CVE-2016-0772 ---- Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-15
    plugin id92295
    published2016-07-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92295
    titleFedora 22 : python (2016-e37f15a5f4)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-724.NASL
    descriptionIt was found that Python
    last seen2020-06-01
    modified2020-06-02
    plugin id92471
    published2016-07-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92471
    titleAmazon Linux AMI : python26 / python27,python34 (ALAS-2016-724)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1663.NASL
    descriptionThis DLA fixes a a problem parsing x509 certificates, an pickle integer overflow, and some other minor issues : CVE-2016-0772 The smtplib library in CPython does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id122036
    published2019-02-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122036
    titleDebian DLA-1663-1 : python3.4 security update
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_1D0F685233D811E6A67160A44CE6887B.NASL
    descriptionPython reports : Possible integer overflow and heap corruption in zipimporter.get_data()
    last seen2020-06-01
    modified2020-06-02
    plugin id91699
    published2016-06-20
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91699
    titleFreeBSD : Python -- Integer overflow in zipimport module (1d0f6852-33d8-11e6-a671-60a44ce6887b)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2106-1.NASL
    descriptionThis update for python fixes the following issues : - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) - CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177) - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93300
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93300
    titleSUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2016:2106-1) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0223-1.NASL
    descriptionThis update for python fixes the following issues : Security issues fixed : CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177) CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id121570
    published2019-02-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121570
    titleSUSE SLES12 Security Update : python (SUSE-SU-2019:0223-1) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0234-1.NASL
    descriptionThis update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133259
    published2020-01-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133259
    titleSUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0114-1.NASL
    descriptionThis update for python3 to version 3.6.10 fixes the following issues : CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133036
    published2020-01-17
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133036
    titleSUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-906.NASL
    descriptionPython was updated to fix three security issues. The following vulnerabilities were fixed : - CVE-2016-0772: TLS stripping attack on smtplib (bsc#984751) - CVE-2016-5636: zipimporter heap overflow (bsc#985177) - CVE-2016-5699: httplib header injection (bsc#985348) This update also includes all upstream bug fixes and improvements in Python 2.7.12. It also includes the following packaging changes : - reintroduce support for CA directory path The following tracked packaging issues were fixed : - broken overflow checks (bsc#964182)
    last seen2020-06-05
    modified2016-07-28
    plugin id92595
    published2016-07-28
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92595
    titleopenSUSE Security Update : python (openSUSE-2016-906)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3134-1.NASL
    descriptionIt was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772) Remi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this to cause a CGI application to redirect outgoing HTTP requests. (CVE-2016-1000110) Insu Yun discovered an integer overflow in the zipimporter module in Python that could lead to a heap-based overflow. An attacker could use this to craft a special zip file that when read by Python could possibly execute arbitrary code. (CVE-2016-5636) Guido Vranken discovered that the urllib modules in Python did not properly handle carriage return line feed (CRLF) in headers. A remote attacker could use this to craft URLs that inject arbitrary HTTP headers. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5699). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id95284
    published2016-11-23
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95284
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : python2.7, python3.2, python3.4, python3.5 vulnerabilities (USN-3134-1) (httpoxy)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1003.NASL
    descriptionAccording to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later
    last seen2020-05-06
    modified2017-05-01
    plugin id99850
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99850
    titleEulerOS 2.0 SP1 : python (EulerOS-SA-2017-1003)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-9932F852C7.NASL
    descriptionCVE-2016-5636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-15
    plugin id92271
    published2016-07-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92271
    titleFedora 24 : python (2016-9932f852c7)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-86.NASL
    descriptionThis update for python3 to version 3.6.10 fixes the following issues : - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id133172
    published2020-01-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133172
    titleopenSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-5C52DCFE47.NASL
    descriptionSecurity fix for CVE-2016-0772 ---- Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-15
    plugin id92251
    published2016-07-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92251
    titleFedora 22 : python3 (2016-5c52dcfe47)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2586.NASL
    descriptionAn update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later
    last seen2020-06-01
    modified2020-06-02
    plugin id94549
    published2016-11-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94549
    titleRHEL 7 : python (RHSA-2016:2586)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-18.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-18 (Python: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted index file using Python&rsquo;s dumbdbm module, possibly resulting in execution of arbitrary code with the privileges of the process. A remote attacker could entice a user to process a specially crafted input stream using Python&rsquo;s zipimporter module, possibly allowing attackers to cause unspecified impact. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96399
    published2017-01-11
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96399
    titleGLSA-201701-18 : Python: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-997.NASL
    descriptionThis update for python3 fixes the following issues : - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user-supplied Proxy request header (fixes boo#989523, CVE-2016-1000110) - update to 3.4.5 check: https://docs.python.org/3.4/whatsnew/changelog.html (fixes boo#984751, CVE-2016-0772) (fixes boo#985177, CVE-2016-5636) (fixes boo#985348, CVE-2016-5699) - Bump DH parameters to 2048 bit to fix logjam security issue. boo#935856 - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user-supplied Proxy request header: (fixes boo#989523, CVE-2016-1000110)
    last seen2020-06-05
    modified2016-08-22
    plugin id93069
    published2016-08-22
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93069
    titleopenSUSE Security Update : python3 (openSUSE-2016-997) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2859-1.NASL
    descriptionThis update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed : - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user-supplied Proxy request header. (bsc#989523) - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751) - CVE-2016-5636: A heap overflow in Python
    last seen2020-06-01
    modified2020-06-02
    plugin id94969
    published2016-11-18
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94969
    titleSUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2859-1) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2408-1.NASL
    descriptionThis update for python-base fixes the following issues: Security issues fixed : - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). - CVE-2016-5636: Fixed heap overflow in zipimporter module (bsc#985177) Bug fixes : - bsc#1086001: python tarfile uses random order. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id112012
    published2018-08-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112012
    titleSUSE SLES11 Security Update : python (SUSE-SU-2018:2408-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-32E5A8C3A8.NASL
    descriptionAdded patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-14
    plugin id92076
    published2016-07-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92076
    titleFedora 23 : python3 (2016-32e5a8c3a8)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-2586.NASL
    descriptionFrom Red Hat Security Advisory 2016:2586 : An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later
    last seen2020-06-01
    modified2020-06-02
    plugin id94707
    published2016-11-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94707
    titleOracle Linux 7 : python (ELSA-2016-2586)

Redhat

advisories
bugzilla
id1345856
titleCVE-2016-5636 python: Heap overflow in zipimporter module
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • commentpython-libs is earlier than 0:2.7.5-48.el7
          ovaloval:com.redhat.rhsa:tst:20162586001
        • commentpython-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110554014
      • AND
        • commentpython is earlier than 0:2.7.5-48.el7
          ovaloval:com.redhat.rhsa:tst:20162586003
        • commentpython is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110554012
      • AND
        • commentpython-devel is earlier than 0:2.7.5-48.el7
          ovaloval:com.redhat.rhsa:tst:20162586005
        • commentpython-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110554010
      • AND
        • commentpython-test is earlier than 0:2.7.5-48.el7
          ovaloval:com.redhat.rhsa:tst:20162586007
        • commentpython-test is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110554006
      • AND
        • commenttkinter is earlier than 0:2.7.5-48.el7
          ovaloval:com.redhat.rhsa:tst:20162586009
        • commenttkinter is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110554004
      • AND
        • commentpython-tools is earlier than 0:2.7.5-48.el7
          ovaloval:com.redhat.rhsa:tst:20162586011
        • commentpython-tools is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110554008
      • AND
        • commentpython-debug is earlier than 0:2.7.5-48.el7
          ovaloval:com.redhat.rhsa:tst:20162586013
        • commentpython-debug is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152101008
rhsa
idRHSA-2016:2586
released2016-11-03
severityLow
titleRHSA-2016:2586: python security, bug fix, and enhancement update (Low)
rpms
  • python-0:2.7.5-48.el7
  • python-debug-0:2.7.5-48.el7
  • python-debuginfo-0:2.7.5-48.el7
  • python-devel-0:2.7.5-48.el7
  • python-libs-0:2.7.5-48.el7
  • python-test-0:2.7.5-48.el7
  • python-tools-0:2.7.5-48.el7
  • tkinter-0:2.7.5-48.el7

References