Executive Summary
Information | |||
---|---|---|---|
Name | MDVSA-2013:117 | First vendor Publication | 2013-04-10 |
Vendor | Mandriva | Last vendor Modification | 2013-04-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Updated python packages fix security vulnerabilities:

A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories (CVE-2011-4944).

Additionally, python has been built against the system expat and ffi libraries, to avoid any future issues with those (mitigates CVE-2012-0876 for expat).
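
The .pypirc race described above, shown as an added example (not code from the advisory or from distutils): the first function is the write-then-chmod pattern, the second makes the file owner-only before any data is written and also covers a pre-existing, looser file. The function names, file names and sample credentials are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed sample content; not real credentials.
SECRET = "[server-login]\nusername:alice\npassword:constructed-example\n"

def _mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)  # permission bits, e.g. 0o644

def store_racy(path, data):
    """Weak pattern: default permissions at creation, chmod only after writing."""
    with open(path, "w") as f:           # mode is 0o666 & ~umask, typically 0o644
        f.write(data)
    exposed = _mode(path)                # mode while the secret is already on disk
    os.chmod(path, 0o600)                # closes the window too late
    return exposed

def store_safe(path, data):
    """Hardened pattern: owner-only from creation, then atomically renamed."""
    tmp = "%s.%d.tmp" % (path, os.getpid())
    # O_EXCL refuses an existing file or symlink, so the 0o600 mode always applies.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "w") as f:
            during = stat.S_IMODE(os.fstat(fd).st_mode)
            f.write(data)
        os.replace(tmp, path)            # replaces any older, looser file
    except BaseException:
        os.unlink(tmp)
        raise
    return during

def demo():
    """Run both patterns under a 022 umask; return the observed modes."""
    old = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as home:
            racy = store_racy(os.path.join(home, "racy.pypirc"), SECRET)
            target = os.path.join(home, "safe.pypirc")
            open(target, "w").close()    # pre-existing world-readable file
            safe = store_safe(target, SECRET)
            return racy, safe, _mode(target)
    finally:
        os.umask(old)

if __name__ == "__main__":
    print([oct(m) for m in demo()])
```
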
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:117
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:19784 | |||
Oval ID: | oval:org.mitre.oval:def:19784 | ||
Title: | VMware security updates for vSphere API and ESX Service Console | ||
Description: | Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-4944 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:20396 | |||
Oval ID: | oval:org.mitre.oval:def:20396 | ||
Title: | VMware security updates for vSphere API and ESX Service Console | ||
Description: | The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-0876 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-11-16 | Name : VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console File : nvt/gb_VMSA-2012-0016.nasl |
2012-10-26 | Name : Ubuntu Update for python3.1 USN-1616-1 File : nvt/gb_ubuntu_USN_1616_1.nasl |
2012-10-26 | Name : Ubuntu Update for python3.2 USN-1615-1 File : nvt/gb_ubuntu_USN_1615_1.nasl |
2012-10-19 | Name : Ubuntu Update for python2.4 USN-1613-2 File : nvt/gb_ubuntu_USN_1613_2.nasl |
2012-10-19 | Name : Ubuntu Update for python2.5 USN-1613-1 File : nvt/gb_ubuntu_USN_1613_1.nasl |
2012-10-05 | Name : Ubuntu Update for python2.6 USN-1596-1 File : nvt/gb_ubuntu_USN_1596_1.nasl |
2012-10-03 | Name : Ubuntu Update for python2.7 USN-1592-1 File : nvt/gb_ubuntu_USN_1592_1.nasl |
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-06 (expat) File : nvt/glsa_201209_06.nasl |
2012-09-11 | Name : Ubuntu Update for xmlrpc-c USN-1527-2 File : nvt/gb_ubuntu_USN_1527_2.nasl |
2012-08-30 | Name : Fedora Update for expat FEDORA-2012-4936 File : nvt/gb_fedora_2012_4936_expat_fc17.nasl |
2012-08-14 | Name : Ubuntu Update for expat USN-1527-1 File : nvt/gb_ubuntu_USN_1527_1.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2525-1 (expat) File : nvt/deb_2525_1.nasl |
2012-08-03 | Name : Mandriva Update for expat MDVSA-2012:041 (expat) File : nvt/gb_mandriva_MDVSA_2012_041.nasl |
2012-07-30 | Name : CentOS Update for python CESA-2012:0745 centos5 File : nvt/gb_CESA-2012_0745_python_centos5.nasl |
2012-07-30 | Name : CentOS Update for python CESA-2012:0744 centos6 File : nvt/gb_CESA-2012_0744_python_centos6.nasl |
2012-07-30 | Name : CentOS Update for expat CESA-2012:0731 centos6 File : nvt/gb_CESA-2012_0731_expat_centos6.nasl |
2012-07-30 | Name : CentOS Update for expat CESA-2012:0731 centos5 File : nvt/gb_CESA-2012_0731_expat_centos5.nasl |
2012-06-22 | Name : Mandriva Update for python MDVSA-2012:096 (python) File : nvt/gb_mandriva_MDVSA_2012_096.nasl |
2012-06-22 | Name : Mandriva Update for python MDVSA-2012:097 (python) File : nvt/gb_mandriva_MDVSA_2012_097.nasl |
2012-06-19 | Name : RedHat Update for python RHSA-2012:0745-01 File : nvt/gb_RHSA-2012_0745-01_python.nasl |
2012-06-19 | Name : RedHat Update for python RHSA-2012:0744-01 File : nvt/gb_RHSA-2012_0744-01_python.nasl |
2012-06-15 | Name : RedHat Update for expat RHSA-2012:0731-01 File : nvt/gb_RHSA-2012_0731-01_expat.nasl |
2012-05-17 | Name : Fedora Update for expat FEDORA-2012-6996 File : nvt/gb_fedora_2012_6996_expat_fc15.nasl |
2012-05-04 | Name : Fedora Update for expat FEDORA-2012-5058 File : nvt/gb_fedora_2012_5058_expat_fc16.nasl |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-11-29 | IAVM : 2012-A-0189 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0035032 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-05-07 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_8719b9358bae41ad92ba3c826f651219.nasl - Type : ACT_GATHER_INFO |
2018-05-07 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2018-124-01.nasl - Type : ACT_GATHER_INFO |
2017-10-12 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_9164f51eae2011e7a633009c02a2ab30.nasl - Type : ACT_GATHER_INFO |
2017-02-21 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-260.nasl - Type : ACT_GATHER_INFO |
2017-02-09 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0424-1.nasl - Type : ACT_GATHER_INFO |
2017-02-08 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-0415-1.nasl - Type : ACT_GATHER_INFO |
2017-01-06 | Name : A vulnerability scanner installed on the remote host is affected by multiple ... File : pvs_5_2_0.nasl - Type : ACT_GATHER_INFO |
2016-10-27 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL70938105.nasl - Type : ACT_GATHER_INFO |
2016-06-09 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_c9c252f52def11e6ae88002590263bf5.nasl - Type : ACT_GATHER_INFO |
2016-06-09 | Name : The remote Debian host is missing a security update. File : debian_DLA-508.nasl - Type : ACT_GATHER_INFO |
2016-06-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3597.nasl - Type : ACT_GATHER_INFO |
2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0016_remote.nasl - Type : ACT_GATHER_INFO |
2015-12-11 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2015-008.nasl - Type : ACT_GATHER_INFO |
2015-12-10 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_11_2.nasl - Type : ACT_GATHER_INFO |
2015-09-18 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16949.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_python_20130410.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libexpat_20120918.nasl - Type : ACT_GATHER_INFO |
2014-12-12 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_2323236_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-302.nasl - Type : ACT_GATHER_INFO |
2013-10-23 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_9.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-98.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-89.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0744.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0745.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0731.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-117.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_python-randomisation-update-120517.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_expat-120424.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_python-randomisation-update-120516.nasl - Type : ACT_GATHER_INFO |
2012-11-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0016.nasl - Type : ACT_GATHER_INFO |
2012-10-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1616-1.nasl - Type : ACT_GATHER_INFO |
2012-10-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1615-1.nasl - Type : ACT_GATHER_INFO |
2012-10-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1613-2.nasl - Type : ACT_GATHER_INFO |
2012-10-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1613-1.nasl - Type : ACT_GATHER_INFO |
2012-10-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1596-1.nasl - Type : ACT_GATHER_INFO |
2012-10-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1592-1.nasl - Type : ACT_GATHER_INFO |
2012-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-06.nasl - Type : ACT_GATHER_INFO |
2012-09-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1527-2.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-097.nasl - Type : ACT_GATHER_INFO |
2012-08-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1527-1.nasl - Type : ACT_GATHER_INFO |
2012-08-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2525.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120618_python_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120618_python_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120613_expat_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-06-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-096.nasl - Type : ACT_GATHER_INFO |
2012-06-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_expat-8015.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0744.nasl - Type : ACT_GATHER_INFO |
2012-06-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0744.nasl - Type : ACT_GATHER_INFO |
2012-06-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0745.nasl - Type : ACT_GATHER_INFO |
2012-06-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0745.nasl - Type : ACT_GATHER_INFO |
2012-06-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0731.nasl - Type : ACT_GATHER_INFO |
2012-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0731.nasl - Type : ACT_GATHER_INFO |
2012-05-16 | Name : The remote Fedora host is missing a security update. File : fedora_2012-6996.nasl - Type : ACT_GATHER_INFO |
2012-05-01 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5058.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote Fedora host is missing a security update. File : fedora_2012-4936.nasl - Type : ACT_GATHER_INFO |
2012-03-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-041.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:43:40 | |
2013-04-10 17:18:26 | |