Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2014-213.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : python (openSUSE-SU-2014:0380-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.53 Medium
EPSS
Percentile
97.6%
Python was updated to 2.7.6 to fix bugs and security issues :
-
bugfix-only release
-
SSL-related fixes
-
upstream fix for CVE-2013-4238
-
upstream fixes for CVE-2013-1752
-
added patches for CVE-2013-1752 (bnc#856836) issues that are missing in 2.7.6: python-2.7.6-imaplib.patch python-2.7.6-poplib.patch smtplib_maxline-2.7.patch
-
CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: xmlrpc_gzip_27.patch
-
python-2.7.6-bdist-rpm.patch: fix broken ‘setup.py bdist_rpm’ command (bnc#857470, issue18045)
-
multilib patch: add ‘~/.local/lib64’ paths to search path (bnc#637176)
-
CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow in socket.recvfrom_into (CVE-2014-1912, bnc#863741)
-
Add Obsoletes/Provides for python-ctypes.
-
reintroduce audioop.so as the problems with it seem to be fixed (bnc#831442)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-213.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(75294);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2013-1752", "CVE-2013-1753", "CVE-2013-4238", "CVE-2014-1912");
script_name(english:"openSUSE Security Update : python (openSUSE-SU-2014:0380-1)");
script_summary(english:"Check for the openSUSE-2014-213 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Python was updated to 2.7.6 to fix bugs and security issues :
- bugfix-only release
- SSL-related fixes
- upstream fix for CVE-2013-4238
- upstream fixes for CVE-2013-1752
- added patches for CVE-2013-1752 (bnc#856836) issues that
are missing in 2.7.6: python-2.7.6-imaplib.patch
python-2.7.6-poplib.patch smtplib_maxline-2.7.patch
- CVE-2013-1753 (bnc#856835) gzip decompression bomb in
xmlrpc client: xmlrpc_gzip_27.patch
- python-2.7.6-bdist-rpm.patch: fix broken 'setup.py
bdist_rpm' command (bnc#857470, issue18045)
- multilib patch: add '~/.local/lib64' paths to search
path (bnc#637176)
- CVE-2014-1912-recvfrom_into.patch: fix potential buffer
overflow in socket.recvfrom_into (CVE-2014-1912,
bnc#863741)
- Add Obsoletes/Provides for python-ctypes.
- reintroduce audioop.so as the problems with it seem to
be fixed (bnc#831442)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=637176"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=831442"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=856835"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=856836"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=857470"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=863741"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2014-03/msg00044.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected python packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-base-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-curses");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-curses-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-demo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-doc-pdf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-gdbm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-gdbm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-idle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-tk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-tk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-xml-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/18");
script_set_attribute(attribute:"patch_publication_date", value:"2014/03/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE13.1", reference:"libpython2_7-1_0-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libpython2_7-1_0-debuginfo-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-base-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-base-debuginfo-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-base-debugsource-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-curses-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-curses-debuginfo-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-debuginfo-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-debugsource-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-demo-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-devel-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-doc-pdf-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-gdbm-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-gdbm-debuginfo-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-idle-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-tk-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-tk-debuginfo-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-xml-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"python-xml-debuginfo-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpython2_7-1_0-32bit-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpython2_7-1_0-debuginfo-32bit-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"python-32bit-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"python-base-32bit-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"python-base-debuginfo-32bit-2.7.6-8.6.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"python-debuginfo-32bit-2.7.6-8.6.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libpython2_7-1_0 | p-cpe:/a:novell:opensuse:libpython2_7-1_0 |
| novell | opensuse | libpython2_7-1_0-32bit | p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit |
| novell | opensuse | libpython2_7-1_0-debuginfo | p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo |
| novell | opensuse | libpython2_7-1_0-debuginfo-32bit | p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit |
| novell | opensuse | python | p-cpe:/a:novell:opensuse:python |
| novell | opensuse | python-32bit | p-cpe:/a:novell:opensuse:python-32bit |
| novell | opensuse | python-base | p-cpe:/a:novell:opensuse:python-base |
| novell | opensuse | python-base-32bit | p-cpe:/a:novell:opensuse:python-base-32bit |
| novell | opensuse | python-base-debuginfo | p-cpe:/a:novell:opensuse:python-base-debuginfo |
| novell | opensuse | python-base-debuginfo-32bit | p-cpe:/a:novell:opensuse:python-base-debuginfo-32bit |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1753
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912
bugzilla.novell.com/show_bug.cgi?id=637176
bugzilla.novell.com/show_bug.cgi?id=831442
bugzilla.novell.com/show_bug.cgi?id=856835
bugzilla.novell.com/show_bug.cgi?id=856836
bugzilla.novell.com/show_bug.cgi?id=857470
bugzilla.novell.com/show_bug.cgi?id=863741
lists.opensuse.org/opensuse-updates/2014-03/msg00044.html
Related
nessus
nessus
openSUSE Security Update : python3 (openSUSE-SU-2014:0498-1)
2014-06-13 00:00:00
Debian DSA-2880-1 : python2.7 - security update
2014-03-18 00:00:00
Mandriva Linux Security Advisory : python (MDVSA-2014:074)
2014-04-10 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2014:1006-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1012-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:0997-1)
2021-06-09 00:00:00
debian
debian
[SECURITY] [DSA 2880-1] python2.7 security update
2014-03-17 18:07:37
osv
osv
python2.7 - security update
2014-03-17 00:00:00
python2.6 - regression update
2014-07-31 00:00:00
python2.6 - regression update
2014-07-31 00:00:00
mageia
mageia
Updated python & python3 packages fix multiple vulnerabilities
2014-02-20 01:24:08
Updated python package fixes security vulnerabilities
2014-03-24 11:37:41
seebug
seebug
Python多个安全漏洞
2013-12-30 00:00:00
Python "sock_recvfrom_into()" 缓冲区溢出漏洞
2014-02-25 00:00:00
Python socket.recvfrom_into() - Remote Buffer Overflow
2014-07-01 00:00:00
redhat
redhat
(RHSA-2015:1330) Moderate: python security, bug fix, and enhancement update
2015-07-22 00:00:00
(RHSA-2013:1582) Moderate: python security, bug fix, and enhancement update
2013-11-21 00:00:00
veracode
veracode
Sensitive Information Leakage
2019-05-02 05:39:25
Improper Input Validation
2019-05-02 05:39:24
Improper Input Validation
2019-05-02 05:39:24
archlinux
archlinux
python2: multiple issues
2014-12-15 00:00:00
amazon
amazon
Medium: python27
2015-06-22 10:31:00
Medium: python26
2013-11-03 12:09:00
Medium: python27
2014-02-26 14:28:00
oraclelinux
oraclelinux
python27 security, bug fix, and enhancement update
2016-02-04 00:00:00
python security, bug fix, and enhancement update
2015-07-28 00:00:00
python security, bug fix, and enhancement update
2015-11-23 00:00:00
ibm
ibm
centos
centos
python, tkinter security update
2015-07-26 14:11:19
python, tkinter security update
2013-11-26 13:32:42
python, tkinter security update
2015-11-30 19:48:49
zdt
zdt
Python socket.recvfrom_into() remote buffer overflow exploit
2014-02-23 00:00:00
exploitpack
exploitpack
Python - socket.recvfrom_into() Remote Buffer Overflow
2014-02-24 00:00:00
cvelist
cvelist
fedora
fedora
[SECURITY] Fedora 20 Update: python-2.7.5-10.fc20
2014-02-14 07:51:33
[SECURITY] Fedora 20 Update: python3-3.3.2-9.fc20
2014-02-15 07:05:19
[SECURITY] Fedora 21 Update: python-2.7.8-8.fc21
2015-04-18 09:43:06
securityvulns
securityvulns
[ MDVSA-2014:041 ] python
2014-03-03 00:00:00
Python buffer overflow
2014-03-03 00:00:00
Python SSL certificate check bypass
2013-10-02 00:00:00
nvd
nvd
prion
prion
Buffer overflow
2014-03-01 00:55:00
Design/Logic Flaw
2019-06-03 20:15:00
Cross site request forgery (csrf)
2020-03-11 17:15:00
ubuntucve
ubuntucve
ubuntu
ubuntu
Python vulnerability
2014-03-03 00:00:00
Python vulnerabilities
2015-06-25 00:00:00
Python 2.6 vulnerability
2013-10-01 00:00:00
cve
cve
debiancve
debiancve
CVE-2014-1912
2014-03-01 00:55:05
CVE-2013-1753
2020-03-11 17:15:12
freebsd
freebsd
Python -- buffer overflow in socket.recvfrom_into()
2014-01-14 00:00:00
f5
f5
K53192206 : Python and Jython vulnerability CVE-2013-1752
2017-07-21 00:00:00
SOL15638 - Python vulnerability CVE-2013-4238
2014-09-29 00:00:00
exploitdb
exploitdb
Python - 'socket.recvfrom_into()' Remote Buffer Overflow
2014-02-24 00:00:00
gentoo
gentoo
Python: Multiple vulnerabilities
2015-03-18 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.53 Medium
EPSS
Percentile
97.6%
Related for OPENSUSE-2014-213.NASL