CVE-2018-1000030 - Use After Free vulnerability in multiple products

CVSS 3.6 - LOW
Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: LOW
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: LOW
Tags: local, high complexity, python, canonical, CWE-416, nessus

Summary

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable, and it appears that Python 2.7.17 and prior may also be vulnerable; however, this has not been confirmed. The vulnerability arises when multiple threads are handling large amounts of data. In both cases there is essentially a race condition. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread 1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability because the attacker must be able to run code; however, in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, and as such the DWF feels this issue deserves a CVE.

Vulnerable Configurations

Part         Description  Count
Application  Python       108
OS           Canonical    4

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2018-2_0-0037.NASL
    description: An update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch', 'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux', 'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been released.
    last seen: 2019-02-21
    modified: 2019-02-07
    plugin id: 111297
    published: 2018-07-24
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111297
    title: Photon OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-2.0-0037. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111297);
      script_version("1.3");
      script_cvs_date("Date: 2019/04/05 23:25:07");
    
      script_cve_id(
        "CVE-2017-12627",
        "CVE-2017-18207",
        "CVE-2018-1303",
        "CVE-2018-2573",
        "CVE-2018-2583",
        "CVE-2018-2612",
        "CVE-2018-2622",
        "CVE-2018-2640",
        "CVE-2018-2665",
        "CVE-2018-2668",
        "CVE-2018-2703",
        "CVE-2018-6594",
        "CVE-2018-6951",
        "CVE-2018-7208",
        "CVE-2018-7549",
        "CVE-2018-7643",
        "CVE-2018-7738",
        "CVE-2018-7750",
        "CVE-2018-8740",
        "CVE-2018-1000030",
        "CVE-2018-1000116",
        "CVE-2018-1000117",
        "CVE-2018-1000132"
      );
      script_bugtraq_id(
        102678,
        102681,
        102682,
        102704,
        102706,
        102708,
        102709,
        102710,
        103044,
        103077,
        103219,
        103264,
        103367,
        103466,
        103522,
        103713,
        104527
      );
    
      script_name(english:"Photon OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch',
    'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux',
    'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been
    released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-2-37
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a24de30");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:zsh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:xerces");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mercurial");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pmd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pycrypto");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:net");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:paramiko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:patch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "binutils-2.30-4.ph2",
      "binutils-debuginfo-2.30-4.ph2",
      "binutils-devel-2.30-4.ph2",
      "mercurial-4.5.3-1.ph2",
      "mercurial-debuginfo-4.5.3-1.ph2",
      "mysql-5.7.21-1.ph2",
      "mysql-debuginfo-5.7.21-1.ph2",
      "mysql-devel-5.7.21-1.ph2",
      "net-snmp-5.7.3-8.ph2",
      "net-snmp-debuginfo-5.7.3-8.ph2",
      "net-snmp-devel-5.7.3-8.ph2",
      "paramiko-2.1.5-1.ph2",
      "patch-2.7.5-5.ph2",
      "patch-debuginfo-2.7.5-5.ph2",
      "pmd-python2-0.0.5-5.ph2",
      "pmd-python3-0.0.5-5.ph2",
      "pycrypto-2.6.1-4.ph2",
      "pycrypto-debuginfo-2.6.1-4.ph2",
      "python2-2.7.13-12.ph2",
      "python2-debuginfo-2.7.13-12.ph2",
      "python2-devel-2.7.13-12.ph2",
      "python2-libs-2.7.13-12.ph2",
      "python2-test-2.7.13-12.ph2",
      "python2-tools-2.7.13-12.ph2",
      "python3-3.6.5-1.ph2",
      "python3-curses-3.6.5-1.ph2",
      "python3-debuginfo-3.6.5-1.ph2",
      "python3-devel-3.6.5-1.ph2",
      "python3-libs-3.6.5-1.ph2",
      "python3-paramiko-2.1.5-1.ph2",
      "python3-paramiko-2.1.5-1.ph2",
      "python3-pip-3.6.5-1.ph2",
      "python3-pycrypto-2.6.1-4.ph2",
      "python3-pycrypto-2.6.1-4.ph2",
      "python3-setuptools-3.6.5-1.ph2",
      "python3-test-3.6.5-1.ph2",
      "python3-tools-3.6.5-1.ph2",
      "python3-xml-3.6.5-1.ph2",
      "sqlite-3.22.0-2.ph2",
      "sqlite-debuginfo-3.22.0-2.ph2",
      "sqlite-devel-3.22.0-2.ph2",
      "sqlite-libs-3.22.0-2.ph2",
      "util-linux-2.32-1.ph2",
      "util-linux-debuginfo-2.32-1.ph2",
      "util-linux-devel-2.32-1.ph2",
      "util-linux-lang-2.32-1.ph2",
      "util-linux-libs-2.32-1.ph2",
      "xerces-c-3.2.1-1.ph2",
      "xerces-c-debuginfo-3.2.1-1.ph2",
      "xerces-c-devel-3.2.1-1.ph2",
      "zsh-5.3.1-6.ph2",
      "zsh-debuginfo-5.3.1-6.ph2",
      "zsh-html-5.3.1-6.ph2"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zsh / python3 / xerces / mercurial / pmd / pycrypto / net / python2 / util / mysql / paramiko / binutils / patch / sqlite");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3817-1.NASL
    description: It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1000030) It was discovered that Python incorrectly handled running external commands in the shutil module. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000802) It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1060, CVE-2018-1061) It was discovered that Python failed to initialize Expat
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118954
    published: 2018-11-14
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118954
    title: Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : python2.7, python3.4, python3.5 vulnerabilities (USN-3817-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3817-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118954);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/18 12:31:48");
    
      script_cve_id("CVE-2018-1000030", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647");
      script_xref(name:"USN", value:"3817-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : python2.7, python3.4, python3.5 vulnerabilities (USN-3817-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Python incorrectly handled large amounts of
    data. A remote attacker could use this issue to cause Python to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
    (CVE-2018-1000030)
    
    It was discovered that Python incorrectly handled running external
    commands in the shutil module. A remote attacker could use this issue
    to cause Python to crash, resulting in a denial of service, or
    possibly execute arbitrary code. (CVE-2018-1000802)
    
    It was discovered that Python incorrectly used regular expressions
    vulnerable to catastrophic backtracking. A remote attacker could
    possibly use this issue to cause a denial of service. This issue only
    affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1060,
    CVE-2018-1061)
    
    It was discovered that Python failed to initialize Expat's hash salt.
    A remote attacker could possibly use this issue to cause hash
    collisions, leading to a denial of service. (CVE-2018-14647).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3817-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3.4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3.4-minimal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3.5-minimal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 18.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"python2.7", pkgver:"2.7.6-8ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"python2.7-minimal", pkgver:"2.7.6-8ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"python3.4", pkgver:"3.4.3-1ubuntu1~14.04.7")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"python3.4-minimal", pkgver:"3.4.3-1ubuntu1~14.04.7")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"python2.7", pkgver:"2.7.12-1ubuntu0~16.04.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"python2.7-minimal", pkgver:"2.7.12-1ubuntu0~16.04.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"python3.5", pkgver:"3.5.2-2ubuntu0~16.04.5")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"python3.5-minimal", pkgver:"3.5.2-2ubuntu0~16.04.5")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"python2.7", pkgver:"2.7.15~rc1-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"python2.7-minimal", pkgver:"2.7.15~rc1-1ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python2.7 / python2.7-minimal / python3.4 / python3.4-minimal / etc");
    }
    
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2018-1_0-0125.NASL
    description: An update of 'python2' packages of Photon OS has been released.
    last seen: 2019-02-08
    modified: 2019-02-07
    plugin id: 111929
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111929
    title: Photon OS 1.0: Python2 PHSA-2018-1.0-0125 (deprecated)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0125. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111929);
      script_version("1.2");
      script_cvs_date("Date: 2019/02/07 18:59:50");
    
      script_cve_id("CVE-2018-1000030");
    
      script_name(english:"Photon OS 1.0: Python2 PHSA-2018-1.0-0125 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of 'python2' packages of Photon OS has been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-1.0-125
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?10b159b6");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000030");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "python2-2.7.13-5.ph1",
      "python2-debuginfo-2.7.13-5.ph1",
      "python2-devel-2.7.13-5.ph1",
      "python2-libs-2.7.13-5.ph1",
      "python2-tools-2.7.13-5.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python2");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1078.NASL
    description: According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiple threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free
    last seen: 2020-05-06
    modified: 2018-05-02
    plugin id: 109476
    published: 2018-05-02
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/109476
    title: EulerOS 2.0 SP1 : python (EulerOS-SA-2018-1078)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(109476);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2018-1000030"
      );
    
      script_name(english:"EulerOS 2.0 SP1 : python (EulerOS-SA-2018-1078)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the python packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - python 2.7.14 is vulnerable to a Heap-Buffer-Overflow
        as well as a Heap-Use-After-Free. Python versions prior
        to 2.7.14 may also be vulnerable and it appears that
        Python 2.7.17 and prior may also be vulnerable however
        this has not been confirmed. The vulnerability lies
        when multiply threads are handling large amounts of
        data. In both cases there is essentially a race
        condition that occurs. For the Heap-Buffer-Overflow,
        Thread 2 is creating the size for a buffer, but Thread1
        is already writing to the buffer without knowing how
        much to write. So when a large amount of data is being
        processed, it is very easy to cause memory corruption
        using a Heap-Buffer-Overflow. As for the
        Use-After-Free,
        Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd
        Memory. The PSRT has stated that this is not
        a security vulnerability due to the fact that the
        attacker must be able to run code, however in some
        situations, such as function as a service, this
        vulnerability can potentially be used by an attacker to
        violate a trust boundary, as such the DWF feels this
        issue deserves a CVE.(CVE-2018-1000030)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1078
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?484eb2f8");
      script_set_attribute(attribute:"solution", value:
    "Update the affected python package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/03/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["python-2.7.5-58.h7",
            "python-devel-2.7.5-58.h7",
            "python-libs-2.7.5-58.h7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-511.NASL
    description: This update for python fixes the following issues : Security issues fixed : - CVE-2017-1000158: Fixed integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution (bsc#1068664). - CVE-2018-1000030: Fixed crash inside the Python interpreter when multiple threads used the same I/O stream concurrently (bsc#1079300). This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen: 2020-06-05
    modified: 2018-05-24
    plugin id: 110069
    published: 2018-05-24
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/110069
    title: openSUSE Security Update : python (openSUSE-2018-511)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-511.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110069);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-1000158", "CVE-2018-1000030");
    
      script_name(english:"openSUSE Security Update : python (openSUSE-2018-511)");
      script_summary(english:"Check for the openSUSE-2018-511 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for python fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2017-1000158: Fixed integer overflows in
        PyString_DecodeEscape that could have resulted in
        heap-based buffer overflow attacks and possible
        arbitrary code execution (bsc#1068664).
    
      - CVE-2018-1000030: Fixed crash inside the Python
        interpreter when multiple threads used the same I/O
        stream concurrently (bsc#1079300).
    
    This update was imported from the SUSE:SLE-12-SP1:Update update
    project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068664"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1079300"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-curses-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-gdbm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-gdbm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-idle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-tk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-tk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xml-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"libpython2_7-1_0-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libpython2_7-1_0-debuginfo-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-base-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-base-debuginfo-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-base-debugsource-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-curses-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-curses-debuginfo-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-debuginfo-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-debugsource-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-demo-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-devel-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-doc-pdf-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-gdbm-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-gdbm-debuginfo-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-idle-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-tk-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-tk-debuginfo-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-xml-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"python-xml-debuginfo-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libpython2_7-1_0-32bit-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libpython2_7-1_0-debuginfo-32bit-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"python-32bit-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"python-base-32bit-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"python-base-debuginfo-32bit-2.7.13-27.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"python-debuginfo-32bit-2.7.13-27.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpython2_7-1_0 / libpython2_7-1_0-32bit / etc");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201811-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201811-02 (Python: Buffer overflow) A buffer overflow vulnerability has been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, in special situations such as function as a service, could violate a trust boundary and cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-03-18
    modified: 2018-11-09
    plugin id: 118846
    published: 2018-11-09
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118846
    title: GLSA-201811-02 : Python: Buffer overflow
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201811-02.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118846);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/06");
    
      script_cve_id("CVE-2018-1000030");
      script_xref(name:"GLSA", value:"201811-02");
    
      script_name(english:"GLSA-201811-02 : Python: Buffer overflow");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201811-02
    (Python: Buffer overflow)
    
        A buffer overflow vulnerability have been discovered in Python. Please
          review the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker, in special situations such as function as a service,
          could violate a trust boundary and cause a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201811-02"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Python users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/python-2.7.15:2.7'"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-lang/python", unaffected:make_list("ge 2.7.15"), vulnerable:make_list("lt 2.7.15"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Python");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-1372-1.NASL
    description: This update for python fixes the following issues: Security issues fixed : - CVE-2017-1000158: Fixed integer overflows in PyString_DecodeEscape that could have resulted in heap-based buffer overflow attacks and possible arbitrary code execution (bsc#1068664). - CVE-2018-1000030: Fixed crash inside the Python interpreter when multiple threads used the same I/O stream concurrently (bsc#1079300). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 110037
    published: 2018-05-23
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/110037
    title: SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2018:1372-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:1372-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110037);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/10 13:51:47");
    
      script_cve_id("CVE-2017-1000158", "CVE-2018-1000030");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2018:1372-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for python fixes the following issues: Security issues
    fixed :
    
      - CVE-2017-1000158: Fixed integer overflows in
        PyString_DecodeEscape that could have resulted in
        heap-based buffer overflow attacks and possible
        arbitrary code execution (bsc#1068664).
    
      - CVE-2018-1000030: Fixed crash inside the Python
        interpreter when multiple threads used the same I/O
        stream concurrently (bsc#1079300).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1068664"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1079300"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000158/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1000030/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20181372-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4d8fa025"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
    SUSE-SLE-WE-12-SP3-2018-964=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2018-964=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2018-964=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2018-964=1
    
    SUSE Enterprise Storage 5:zypper in -t patch SUSE-Storage-5-2018-964=1
    
    SUSE CaaS Platform ALL :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    OpenStack Cloud Magnum Orchestration 7:zypper in -t patch
    SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-964=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython2_7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython2_7-1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-base-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-curses-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-gdbm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-idle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-tk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-tk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-xml-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libpython2_7-1_0-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libpython2_7-1_0-debuginfo-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-base-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-base-debuginfo-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-base-debugsource-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-curses-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-curses-debuginfo-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-debuginfo-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-debugsource-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-demo-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-gdbm-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-gdbm-debuginfo-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-idle-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-tk-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-tk-debuginfo-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-xml-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-xml-debuginfo-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libpython2_7-1_0-32bit-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libpython2_7-1_0-debuginfo-32bit-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-32bit-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-base-32bit-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-base-debuginfo-32bit-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-debuginfo-32bit-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libpython2_7-1_0-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libpython2_7-1_0-32bit-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libpython2_7-1_0-debuginfo-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libpython2_7-1_0-debuginfo-32bit-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-base-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-base-debuginfo-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-base-debuginfo-32bit-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-base-debugsource-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-curses-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-curses-debuginfo-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-debuginfo-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-debugsource-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-devel-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-tk-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-tk-debuginfo-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-xml-2.7.13-28.3.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-xml-debuginfo-2.7.13-28.3.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0234-1.NASL
    description: This update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133259
    published: 2020-01-27
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133259
    title: SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2019.NASL
    description: According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.(CVE-2019-10160) - urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen: 2020-05-08
    modified: 2019-09-24
    plugin id: 129212
    published: 2019-09-24
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129212
    title: EulerOS 2.0 SP3 : python (EulerOS-SA-2019-2019)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2018-1_0-0125_PYTHON2.NASL
    description: An update of the python2 package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121820
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121820
    title: Photon OS 1.0: Python2 PHSA-2018-1.0-0125