CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
93.9%
This security advisory corrects DSA 458-2, which caused a problem in the gethostbyaddr routine.
The original advisory said:
Sebastian Schmidt discovered a buffer overflow bug in Python’s getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack.
This bug only exists in python 2.2 and 2.2.1, and only when IPv6 support is disabled. The python2.2 package in Debian woody meets these conditions (the ‘python’ package does not).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-458. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata section: executed only when `description` is set. It records the
# plugin's identity, advisory text, scoring and prerequisites, then exits
# before any host data is examined.
if (description)
{
  # Plugin identity and revision tracking.
  script_id(15295);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  # Cross-references to the vulnerability and advisory databases.
  script_cve_id("CVE-2004-0150");
  script_bugtraq_id(9836);
  script_xref(name:"DSA", value:"458");

  script_name(english:"Debian DSA-458-3 : python2.2 - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(attribute:"synopsis", value:"The remote Debian host is missing a security-related update.");

  # Advisory text as published. The continuation lines stay at column 0 so
  # the contents of the string are not altered by source indentation.
  script_set_attribute(attribute:"description", value:
"This security advisory corrects DSA 458-2 which caused a problem in
the gethostbyaddr routine.
The original advisory said :
Sebastian Schmidt discovered a buffer overflow bug in Python's
getaddrinfo function, which could allow an IPv6 address, supplied by
a remote attacker via DNS, to overwrite memory on the stack.
This bug only exists in python 2.2 and 2.2.1, and only when IPv6
support is disabled. The python2.2 package in Debian woody meets
these conditions (the 'python' package does not)."
  );

  # Upstream bug reports and the advisory page.
  script_set_attribute(attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248946");
  script_set_attribute(attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=269548");
  script_set_attribute(attribute:"see_also", value:"http://www.debian.org/security/2004/dsa-458");

  # Remediation: the fixed woody version named here is the same value the
  # package checks compare against.
  script_set_attribute(attribute:"solution", value:
"For the stable distribution (woody), this bug has been fixed in
version 2.2.1-4.6.
The testing and unstable distribution (sarge and sid) are not affected
by this problem.
We recommend that you update your python2.2 packages."
  );

  # CVSS v2 base vector: network access vector, low access complexity, no
  # authentication, partial impact on confidentiality, integrity and
  # availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  # Temporal vector: exploitability unproven, official fix available, report
  # confirmed. This agrees with the two exploit attributes that follow.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # "local" plugin type: the finding comes from package data collected on
  # the host, not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  # NOTE(review): the recorded plugin publication date is earlier than the
  # patch publication date. Both values are kept exactly as published.
  script_set_attribute(attribute:"patch_publication_date", value:"2004/10/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # Prerequisites: ssh_get_info.nasl is declared as a dependency, and the
  # three knowledge-base keys below must be present for the check to run.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}
include("audit.inc");
include("debian_package.inc");
# Preconditions for the package comparison. Each guard hands a specific
# audit code to audit() so a skipped host is reported with its reason
# instead of being treated as "not vulnerable".

# 1. Local (credentialed) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# 2. The host must have been identified as a Debian system.
if (!get_kb_item("Host/Debian/release"))
{
  audit(AUDIT_OS_NOT, "Debian");
}

# 3. The dpkg package listing must have been collected; without it there is
#    nothing to compare versions against.
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}
# Number of python2.2 binary packages for which deb_check() reported a hit.
flag = 0;

# Packages checked on Debian 3.0 (woody), in the original order so that the
# accumulated report keeps the same ordering.
pkgs = make_list(
  "idle-python2.2",
  "python2.2",
  "python2.2-dev",
  "python2.2-doc",
  "python2.2-elisp",
  "python2.2-examples",
  "python2.2-gdbm",
  "python2.2-mpz",
  "python2.2-tk",
  "python2.2-xmlbase"
);

# deb_check() comes from debian_package.inc (not shown here); it is presumably
# true when the installed package is older than `reference` -- confirm against
# the include. The reference is the fixed version from DSA-458-3.
# This is a version comparison on the collected dpkg data, not a test of the
# overflow itself, so a Python 2.2 installed outside these Debian packages is
# not covered by it.
foreach pkg_name (pkgs)
{
  if (deb_check(release:"3.0", prefix:pkg_name, reference:"2.2.1-4.6")) flag++;
}

if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  # At least one package matched: file the finding on port 0, attaching the
  # per-package detail from deb_report_get() when verbosity allows it.
  if (report_verbosity > 0)
    security_hole(port:0, extra:deb_report_get());
  else
    security_hole(0);
  exit(0);
}