Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2013-696.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : python (openSUSE-SU-2013:1438-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.5%

JSON

This python update includes a SSL certificates fix.

  • handle NULL bytes in certain fields of SSL certificates (CVE-2013-4238, bnc#834601, CVE-2013-4238_py27.patch)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-696.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75137);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2013-4238");

  script_name(english:"openSUSE Security Update : python (openSUSE-SU-2013:1438-1)");
  script_summary(english:"Check for the openSUSE-2013-696 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This python update includes a SSL certificates fix.

  - handle NULL bytes in certain fields of SSL certificates
    (CVE-2013-4238, bnc#834601, CVE-2013-4238_py27.patch)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=834601"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected python packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-curses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-curses-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-demo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-doc-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-gdbm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-gdbm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-idle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-tk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-tk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xml-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE12.3", reference:"libpython2_7-1_0-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"libpython2_7-1_0-debuginfo-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-base-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-base-debuginfo-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-base-debugsource-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-curses-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-curses-debuginfo-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-debuginfo-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-debugsource-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-demo-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-devel-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-doc-pdf-2.7-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-gdbm-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-gdbm-debuginfo-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-idle-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-tk-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-tk-debuginfo-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-xml-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", reference:"python-xml-debuginfo-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libpython2_7-1_0-32bit-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libpython2_7-1_0-debuginfo-32bit-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"python-32bit-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"python-base-32bit-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"python-base-debuginfo-32bit-2.7.3-10.8.1") ) flag++;
if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"python-debuginfo-32bit-2.7.3-10.8.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpython2_7-1_0 / libpython2_7-1_0-32bit / etc");
}
VendorProductVersionCPE
novellopensuselibpython2_7-1_0p-cpe:/a:novell:opensuse:libpython2_7-1_0
novellopensuselibpython2_7-1_0-32bitp-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit
novellopensuselibpython2_7-1_0-debuginfop-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo
novellopensuselibpython2_7-1_0-debuginfo-32bitp-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit
novellopensusepythonp-cpe:/a:novell:opensuse:python
novellopensusepython-32bitp-cpe:/a:novell:opensuse:python-32bit
novellopensusepython-basep-cpe:/a:novell:opensuse:python-base
novellopensusepython-base-32bitp-cpe:/a:novell:opensuse:python-base-32bit
novellopensusepython-base-debuginfop-cpe:/a:novell:opensuse:python-base-debuginfo
novellopensusepython-base-debuginfo-32bitp-cpe:/a:novell:opensuse:python-base-debuginfo-32bit
Rows per page:
1-10 of 271

Related

nessus 32
openvas 44
fedora 10
centos 1
oraclelinux 1
redhat 2
ubuntu 4
securityvulns 2
veracode 1
mageia 2
prion 2
debiancve 1
cve 2
debian 2
osv 4
f5 2
cvelist 1
amazon 2
ubuntucve 1
nvd 2
seebug 1
vmware 2
ibm 1
suse 1
nessus
nessus
Ubuntu 10.04 LTS : python2.6 vulnerability (USN-1982-1)
2013-10-02 00:00:00
CentOS 6 : python (CESA-2013:1582)
2014-11-12 00:00:00
openSUSE Security Update : python (openSUSE-SU-2013:1440-1)
2014-06-13 00:00:00
openvas
openvas
Ubuntu Update for python2.6 USN-1982-1
2013-10-03 00:00:00
Fedora Update for python FEDORA-2013-15146
2013-08-27 00:00:00
Fedora Update for python3 FEDORA-2013-21418
2013-11-26 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: python3-3.3.2-6.fc19
2013-08-27 23:35:51
[SECURITY] Fedora 19 Update: python3-3.3.2-8.fc19
2013-11-26 04:01:31
[SECURITY] Fedora 19 Update: python-2.7.5-4.fc19
2013-08-24 22:27:19
centos
centos
python, tkinter security update
2013-11-26 13:32:42
oraclelinux
oraclelinux
python security, bug fix, and enhancement update
2013-11-26 00:00:00
redhat
redhat
(RHSA-2013:1582) Moderate: python security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2013:1527) Important: rhev-hypervisor6 security and bug fix update
2013-11-21 00:00:00
ubuntu
ubuntu
Python 2.6 vulnerability
2013-10-01 00:00:00
Python 3.2 vulnerabilities
2013-10-01 00:00:00
Python 3.3 vulnerabilities
2013-10-01 00:00:00
securityvulns
securityvulns
Python SSL certificate check bypass
2013-10-02 00:00:00
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
2014-12-11 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 08:51:35
mageia
mageia
Updated python packages fix CVE-2013-4328 and pip
2013-08-17 12:43:24
Updated python3, bzr and some python packages fix security vulnerabilties
2013-08-22 21:58:14
prion
prion
Design/Logic Flaw
2013-08-27 03:34:00
Design/Logic Flaw
2013-08-18 02:52:00
debiancve
debiancve
CVE-2013-4238
2013-08-18 02:52:22
cve
cve
CVE-2013-4328
2022-10-03 16:14:58
CVE-2013-4238
2013-08-18 02:52:22
debian
debian
[SECURITY] [DSA 2880-1] python2.7 security update
2014-03-17 18:07:37
[DLA 25-1] python2.6 security update
2014-07-31 21:07:32
osv
osv
python2.7 - security update
2014-03-17 00:00:00
python2.6 - regression update
2014-07-31 00:00:00
python2.6 - regression update
2014-07-31 00:00:00
f5
f5
SOL15638 - Python vulnerability CVE-2013-4238
2014-09-29 00:00:00
K15638 : Python vulnerability CVE-2013-4238
2014-10-17 00:00:00
cvelist
cvelist
CVE-2013-4238
2013-08-18 01:00:00
amazon
amazon
Medium: python27
2013-09-04 13:31:00
Medium: python26
2013-11-03 12:09:00
ubuntucve
ubuntucve
CVE-2013-4238
2013-08-17 00:00:00
nvd
nvd
CVE-2013-4238
2013-08-18 02:52:22
CVE-2013-4328
2013-08-27 03:34:35
seebug
seebug
Pythonๅคšไธชๅฎ‰ๅ…จๆผๆดž
2013-12-30 00:00:00
vmware
vmware
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in python 2.6.4 used in OS Image for AIX shipped with IBM Cloud Pak System
2020-05-06 11:57:04
suse
suse
Security update for python3 (important)
2020-01-21 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.5%

JSON
Related for OPENSUSE-2013-696.NASL
nessus32openvas44fedora10centos1oraclelinux1redhat2ubuntu4securityvulns2veracode1mageia2prion2debiancve1cve2debian2osv4f52cvelist1amazon2ubuntucve1nvd2seebug1vmware2ibm1suse1