Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title python security update
Informations
Name RHSA-2009:1176 First vendor Publication 2009-07-27
Vendor RedHat Last vendor Modification 2009-07-27
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language.

When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887)

Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031)

Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2007-4965, CVE-2008-4864)

Multiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144)

Multiple integer overflow flaws were found in various Python modules. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143)

An integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1721)

A flaw was discovered in the strxfrm() function of the Python locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function. (CVE-2007-2052)

Red Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-2315 issue.

All Python users should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

235093 - CVE-2007-2052 python off-by-one locale.strxfrm() (possible memory disclosure) 295971 - CVE-2007-4965 python imageop module heap corruption 442005 - CVE-2008-1721 python: integer signedness error in the zlib extension module 443810 - CVE-2008-1887 python: PyString_FromStringAndSize does not check for negative size values 454990 - CVE-2008-3142 python: Multiple buffer overflows in unicode processing 455008 - CVE-2008-2315 python: Multiple integer overflows in python core 455013 - CVE-2008-3143 python: Multiple integer overflows discovered by Google 455018 - CVE-2008-3144 python: Potential integer underflow and overflow in the PyOS_vsnprintf C API function 469656 - CVE-2008-4864 python: imageop module multiple integer overflows 470915 - CVE-2008-5031 python: stringobject, unicodeobject integer overflows

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-1176.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)
20 % CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)
10 % CWE-681 Incorrect Conversion between Numeric Types
10 % CWE-193 Off-by-one Error
10 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10170
 
Oval ID: oval:org.mitre.oval:def:10170
Title: Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.
Description: Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3144
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10407
 
Oval ID: oval:org.mitre.oval:def:10407
Title: Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.
Description: Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1887
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10702
 
Oval ID: oval:org.mitre.oval:def:10702
Title: Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
Description: Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4864
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10804
 
Oval ID: oval:org.mitre.oval:def:10804
Title: Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
Description: Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4965
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11280
 
Oval ID: oval:org.mitre.oval:def:11280
Title: Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
Description: Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5031
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11466
 
Oval ID: oval:org.mitre.oval:def:11466
Title: Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.
Description: Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3142
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11716
 
Oval ID: oval:org.mitre.oval:def:11716
Title: Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
Description: Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
Family: unix Class: vulnerability
Reference(s): CVE-2007-2052
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13081
 
Oval ID: oval:org.mitre.oval:def:13081
Title: USN-806-1 -- python2.4, python2.5 vulnerabilities
Description: It was discovered that Python incorrectly handled certain arguments in the imageop module. If an attacker were able to pass specially crafted arguments through the crop function, they could execute arbitrary code with user privileges. For Python 2.5, this issue only affected Ubuntu 8.04 LTS. Multiple integer overflows were discovered in Python�s stringobject and unicodeobject expandtabs method. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service
Family: unix Class: patch
Reference(s): USN-806-1
CVE-2008-4864
CVE-2008-5031
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): python2.4
python2.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17381
 
Oval ID: oval:org.mitre.oval:def:17381
Title: USN-632-1 -- python2.4, python2.5 vulnerabilities
Description: It was discovered that there were new integer overflows in the imageop module.
Family: unix Class: patch
Reference(s): USN-632-1
CVE-2008-1679
CVE-2008-1721
CVE-2008-1887
CVE-2008-2315
CVE-2008-2316
CVE-2008-3142
CVE-2008-3143
CVE-2008-3144
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04
Product(s): python2.4
python2.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17622
 
Oval ID: oval:org.mitre.oval:def:17622
Title: USN-585-1 -- python2.4/2.5 vulnerabilities
Description: Piotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer.
Family: unix Class: patch
Reference(s): USN-585-1
CVE-2007-2052
CVE-2007-4965
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
Product(s): python2.4
python2.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18481
 
Oval ID: oval:org.mitre.oval:def:18481
Title: DSA-1551-1 python2.4 - several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Python language.
Family: unix Class: patch
Reference(s): DSA-1551-1
CVE-2007-2052
CVE-2007-4965
CVE-2008-1679
CVE-2008-1721
CVE-2008-1887
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): python2.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19316
 
Oval ID: oval:org.mitre.oval:def:19316
Title: DSA-1667-1 python2.4 - several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Python language.
Family: unix Class: patch
Reference(s): DSA-1667-1
CVE-2008-2315
CVE-2008-3142
CVE-2008-3143
CVE-2008-3144
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): python2.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20188
 
Oval ID: oval:org.mitre.oval:def:20188
Title: DSA-1620-1 python2.5 - several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Python language.
Family: unix Class: patch
Reference(s): DSA-1620-1
CVE-2007-2052
CVE-2007-4965
CVE-2008-1679
CVE-2008-1721
CVE-2008-1887
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): python2.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22809
 
Oval ID: oval:org.mitre.oval:def:22809
Title: ELSA-2009:1176: python security update (Moderate)
Description: Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
Family: unix Class: patch
Reference(s): ELSA-2009:1176-01
CVE-2007-2052
CVE-2007-4965
CVE-2008-1721
CVE-2008-1887
CVE-2008-2315
CVE-2008-3142
CVE-2008-3143
CVE-2008-3144
CVE-2008-4864
CVE-2008-5031
Version: 45
Platform(s): Oracle Linux 5
Product(s): python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29294
 
Oval ID: oval:org.mitre.oval:def:29294
Title: RHSA-2009:1176 -- python security update (Moderate)
Description: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language.
Family: unix Class: patch
Reference(s): RHSA-2009:1176
CESA-2009:1176-CentOS 5
CVE-2007-2052
CVE-2007-4965
CVE-2008-1721
CVE-2008-1887
CVE-2008-2315
CVE-2008-3142
CVE-2008-3143
CVE-2008-3144
CVE-2008-4864
CVE-2008-5031
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7720
 
Oval ID: oval:org.mitre.oval:def:7720
Title: VMware python multiple integer overflows vulnerability
Description: Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."
Family: unix Class: vulnerability
Reference(s): CVE-2008-3143
Version: 4
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7725
 
Oval ID: oval:org.mitre.oval:def:7725
Title: VMware python multiple integer overflows vulnerability in the PyOS_vsnprintf function
Description: Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3144
Version: 4
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7901
 
Oval ID: oval:org.mitre.oval:def:7901
Title: DSA-1667 python2.4 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule modules. Justin Ferguson discovered that incorrect memory allocation in the unicode_resize() function can lead to buffer overflows. Several integer overflows were discovered in various Python core modules. Several integer overflows were discovered in the PyOS_vsnprintf() function.
Family: unix Class: patch
Reference(s): DSA-1667
CVE-2008-2315
CVE-2008-3142
CVE-2008-3143
CVE-2008-3144
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): python2.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7981
 
Oval ID: oval:org.mitre.oval:def:7981
Title: DSA-1620 python2.5 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure. It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch. Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code. Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1620
CVE-2007-2052
CVE-2007-4965
CVE-2008-1679
CVE-2008-1721
CVE-2008-1887
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): python2.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8152
 
Oval ID: oval:org.mitre.oval:def:8152
Title: DSA-1551 python2.4 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure. It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch. Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code. Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1551
CVE-2007-2052
CVE-2007-4965
CVE-2008-1679
CVE-2008-1721
CVE-2008-1887
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): python2.4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8249
 
Oval ID: oval:org.mitre.oval:def:8249
Title: Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code
Description: Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1721
Version: 1
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8353
 
Oval ID: oval:org.mitre.oval:def:8353
Title: VMware python PyLocale_strxfrm function vulnerability
Description: Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
Family: unix Class: vulnerability
Reference(s): CVE-2007-2052
Version: 4
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8354
 
Oval ID: oval:org.mitre.oval:def:8354
Title: VMware python multiple integer overflows vulnerability in the imageop module
Description: Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4864
Version: 4
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8422
 
Oval ID: oval:org.mitre.oval:def:8422
Title: VMware python multiple buffer overflows vulnerability
Description: Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3142
Version: 4
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8445
 
Oval ID: oval:org.mitre.oval:def:8445
Title: Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code
Description: Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2315
Version: 1
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8486
 
Oval ID: oval:org.mitre.oval:def:8486
Title: VMware python integer overflows vulnerability in the imageop module
Description: Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4965
Version: 4
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8494
 
Oval ID: oval:org.mitre.oval:def:8494
Title: VMware python zlib extension module vulnerability
Description: Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1721
Version: 4
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8496
 
Oval ID: oval:org.mitre.oval:def:8496
Title: Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code
Description: Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4965
Version: 1
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8564
 
Oval ID: oval:org.mitre.oval:def:8564
Title: VMware python multiple integer overflows vulnerability
Description: Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5031
Version: 4
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8624
 
Oval ID: oval:org.mitre.oval:def:8624
Title: VMware python PyString_FromStringAndSize function vulnerability
Description: Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1887
Version: 4
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8683
 
Oval ID: oval:org.mitre.oval:def:8683
Title: VMware python multiple integer overflows vulnerability
Description: Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2315
Version: 4
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8996
 
Oval ID: oval:org.mitre.oval:def:8996
Title: Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."
Description: Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."
Family: unix Class: vulnerability
Reference(s): CVE-2008-3143
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9407
 
Oval ID: oval:org.mitre.oval:def:9407
Title: Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
Description: Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1721
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9761
 
Oval ID: oval:org.mitre.oval:def:9761
Title: Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
Description: Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2315
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 42
Os 4
Os 1

ExploitDB Exploits

id Description
2009-11-24 Python < 2.5.2 Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for python CESA-2009:1176 centos5 i386
File : nvt/gb_CESA-2009_1176_python_centos5_i386.nasl
2011-08-09 Name : CentOS Update for python CESA-2009:1178 centos3 i386
File : nvt/gb_CESA-2009_1178_python_centos3_i386.nasl
2010-11-16 Name : Mandriva Update for python MDVSA-2010:215 (python)
File : nvt/gb_mandriva_MDVSA_2010_215.nasl
2010-07-16 Name : Mandriva Update for python MDVSA-2010:132 (python)
File : nvt/gb_mandriva_MDVSA_2010_132.nasl
2010-05-12 Name : Mac OS X Security Update 2009-001
File : nvt/macosx_secupd_2009-001.nasl
2010-05-12 Name : Mac OS X Security Update 2007-009
File : nvt/macosx_secupd_2007-009.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : SLES10: Security update for Python
File : nvt/sles10_python1.nasl
2009-10-13 Name : SLES10: Security update for Python
File : nvt/sles10_python0.nasl
2009-10-13 Name : SLES10: Security update for Python
File : nvt/sles10_python.nasl
2009-10-10 Name : SLES9: Security update for Python
File : nvt/sles9p5040780.nasl
2009-10-10 Name : SLES9: Security update for Python
File : nvt/sles9p5032900.nasl
2009-10-10 Name : SLES9: Security update for Python
File : nvt/sles9p5021835.nasl
2009-10-10 Name : SLES9: Security update for Python
File : nvt/sles9p5021454.nasl
2009-08-17 Name : CentOS Security Advisory CESA-2009:1176 (python)
File : nvt/ovcesa2009_1176.nasl
2009-07-29 Name : CentOS Security Advisory CESA-2009:1178 (python)
File : nvt/ovcesa2009_1178.nasl
2009-07-29 Name : Gentoo Security Advisory GLSA 200907-16 (python)
File : nvt/glsa_200907_16.nasl
2009-07-29 Name : RedHat Security Advisory RHSA-2009:1177
File : nvt/RHSA_2009_1177.nasl
2009-07-29 Name : Ubuntu USN-806-1 (python2.5)
File : nvt/ubuntu_806_1.nasl
2009-07-29 Name : RedHat Security Advisory RHSA-2009:1176
File : nvt/RHSA_2009_1176.nasl
2009-07-29 Name : RedHat Security Advisory RHSA-2009:1178
File : nvt/RHSA_2009_1178.nasl
2009-04-09 Name : Mandriva Update for python MDVSA-2008:163 (python)
File : nvt/gb_mandriva_MDVSA_2008_163.nasl
2009-04-09 Name : Mandriva Update for python MDVSA-2008:085 (python)
File : nvt/gb_mandriva_MDVSA_2008_085.nasl
2009-04-09 Name : Mandriva Update for python MDVSA-2008:013 (python)
File : nvt/gb_mandriva_MDVSA_2008_013.nasl
2009-04-09 Name : Mandriva Update for python MDKSA-2007:099 (python)
File : nvt/gb_mandriva_MDKSA_2007_099.nasl
2009-03-23 Name : Ubuntu Update for python2.4/2.5 vulnerabilities USN-585-1
File : nvt/gb_ubuntu_USN_585_1.nasl
2009-03-23 Name : Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1
File : nvt/gb_ubuntu_USN_632_1.nasl
2009-03-06 Name : RedHat Update for python RHSA-2007:1076-02
File : nvt/gb_RHSA-2007_1076-02_python.nasl
2009-03-06 Name : RedHat Update for python RHSA-2007:1077-01
File : nvt/gb_RHSA-2007_1077-01_python.nasl
2009-02-27 Name : CentOS Update for python-docs CESA-2007:1076 centos3 x86_64
File : nvt/gb_CESA-2007_1076_python-docs_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for python-docs CESA-2007:1076 centos3 i386
File : nvt/gb_CESA-2007_1076_python-docs_centos3_i386.nasl
2009-02-27 Name : CentOS Update for python CESA-2007:1077-01 centos2 i386
File : nvt/gb_CESA-2007_1077-01_python_centos2_i386.nasl
2009-02-27 Name : Fedora Update for python FEDORA-2007-2663
File : nvt/gb_fedora_2007_2663_python_fc7.nasl
2009-02-13 Name : Mandrake Security Advisory MDVSA-2009:036 (python)
File : nvt/mdksa_2009_036.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3)
File : nvt/suse_sr_2009_001b.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0)
File : nvt/suse_sr_2009_001a.nasl
2009-01-20 Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1)
File : nvt/suse_sr_2009_001.nasl
2009-01-13 Name : Mandrake Security Advisory MDVSA-2009:003 (python)
File : nvt/mdksa_2009_003.nasl
2008-11-24 Name : Debian Security Advisory DSA 1667-1 (python2.4)
File : nvt/deb_1667_1.nasl
2008-11-14 Name : Python Multiple Integer Overflow Vulnerabilities (Win)
File : nvt/gb_python_intgr_overflow_vuln_win.nasl
2008-11-11 Name : Python Imageop Module imageop.crop() BOF Vulnerability (Win)
File : nvt/gb_python_imageop_bof_vuln_win.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200807-16 (python)
File : nvt/glsa_200807_16.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200711-07 (python)
File : nvt/glsa_200711_07.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200807-01 (python)
File : nvt/glsa_200807_01.nasl
2008-09-17 Name : FreeBSD Ports: python24
File : nvt/freebsd_python24.nasl
2008-09-04 Name : FreeBSD Ports: python23
File : nvt/freebsd_python23.nasl
2008-08-22 Name : Python Multiple Vulnerabilities (Win)
File : nvt/secpod_python_mult_vuln_win_900105.nasl
2008-08-22 Name : Python Multiple Vulnerabilities (Linux)
File : nvt/secpod_python_mult_vuln_lin_900106.nasl
2008-08-15 Name : Debian Security Advisory DSA 1620-1 (python2.5)
File : nvt/deb_1620_1.nasl
2008-04-21 Name : Debian Security Advisory DSA 1551-1 (python2.4)
File : nvt/deb_1551_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-217-01 python
File : nvt/esoft_slk_ssa_2008_217_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50097 Python imageop Module imageop.c crop Function Multiple Overflows

An integer overflow exists in python. Python fails to validate input in imageop.c of the imageop module which results in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
50096 Python Overflow Python/ Multiple Files Unspecified Overflow

50095 Python Overflow Parser/node.c Unspecified Overflow

50094 Python Overflow Objects/ Multiple Files Unspecified Overflow

50093 Python Overflow Modules/ Multiple Files Unspecified Overflow

50092 Python Overflow Include/pymem.h Unspecified Overflow

47481 Python mysnprintf.c PyOS_vsnprintf Function Multiple Overflows

Python contains a flaw that may allow a denial of service. The issue is triggered by an integer overflow in the PyOS_vsnprintf function in Python/mysnprintf.c, and will result in loss of availability for the affected process.
47480 Python PyMem_RESIZE Macro unicode_resize Function Unicode String Handling Mul...

47478 Python Multiple Modules Multiple Unspecified Overflows

44730 Python PyString_FromStringAndSize Function Memory Allocation Overflow

44693 Python zlib Extension Module Signed Integer Handling Arbitrary Remote Code Ex...

An overflow exists in python. Python fails to validate input resulting in a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
40142 Python imageop Module tovideo() Function Overflow

35247 Python Modules/_localemodule.c PyLocale_strxfrm() Function Arbitrary Memory D...

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_python_20130313.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1178.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1177.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1176.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-1076.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090728_python_for_SL_4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090728_python_for_SL_3_0_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090727_python_for_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20071210_python_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-11-01 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-215.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-132.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0525.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0629.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0264.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1176.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_python-5837.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12046.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12215.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12316.nasl - Type : ACT_GATHER_INFO
2009-07-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1178.nasl - Type : ACT_GATHER_INFO
2009-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1176.nasl - Type : ACT_GATHER_INFO
2009-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1177.nasl - Type : ACT_GATHER_INFO
2009-07-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1178.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2008-0003.nasl - Type : ACT_GATHER_INFO
2009-07-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-806-1.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_python-081201.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_python-080801.nasl - Type : ACT_GATHER_INFO
2009-07-20 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200907-16.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-003.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-163.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-085.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-013.nasl - Type : ACT_GATHER_INFO
2009-02-13 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO
2009-01-11 Name : The remote openSUSE host is missing a security update.
File : suse_python-5848.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1667.nasl - Type : ACT_GATHER_INFO
2008-09-11 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_0dccaa287f3c11dd8de50030843d3802.nasl - Type : ACT_GATHER_INFO
2008-08-17 Name : The remote openSUSE host is missing a security update.
File : suse_python-5491.nasl - Type : ACT_GATHER_INFO
2008-08-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_python-5490.nasl - Type : ACT_GATHER_INFO
2008-08-05 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-217-01.nasl - Type : ACT_GATHER_INFO
2008-08-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-632-1.nasl - Type : ACT_GATHER_INFO
2008-08-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200807-16.nasl - Type : ACT_GATHER_INFO
2008-07-28 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1620.nasl - Type : ACT_GATHER_INFO
2008-07-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200807-01.nasl - Type : ACT_GATHER_INFO
2008-04-28 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_ec41c3e2129c11ddbab70016179b2dd5.nasl - Type : ACT_GATHER_INFO
2008-04-22 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1551.nasl - Type : ACT_GATHER_INFO
2008-03-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-585-1.nasl - Type : ACT_GATHER_INFO
2008-02-01 Name : The remote openSUSE host is missing a security update.
File : suse_python-4900.nasl - Type : ACT_GATHER_INFO
2008-02-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_python-4902.nasl - Type : ACT_GATHER_INFO
2007-12-18 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_python-3750.nasl - Type : ACT_GATHER_INFO
2007-12-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-1076.nasl - Type : ACT_GATHER_INFO
2007-12-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-1077.nasl - Type : ACT_GATHER_INFO
2007-12-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-1076.nasl - Type : ACT_GATHER_INFO
2007-11-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200711-07.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2007-2663.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_python-3749.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_python-3478.nasl - Type : ACT_GATHER_INFO
2007-05-10 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-099.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:52:41
  • Multiple Updates