Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title python security update
Informations
Name RHSA-2012:0745 First vendor Publication 2012-06-18
Vendor RedHat Last vendor Modification 2012-06-18
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language.

A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-1150)

Note: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new "PYTHONHASHSEED" environment variable or the Python interpreter's "-R" command line option can be used. Refer to the python(1) manual page for details.

The RHSA-2012:0731 expat erratum must be installed with this update, which adds hash randomization to the Expat library used by the Python pyexpat module.

A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). (CVE-2011-4940)

A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories. (CVE-2011-4944)

Red Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters of CVE-2012-1150.

All Python users should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

750555 - CVE-2012-1150 python: hash table collisions CPU usage DoS (oCERT-2011-003) 758905 - CVE-2011-4944 python: distutils creates ~/.pypirc insecurely 803500 - CVE-2011-4940 python: potential XSS in SimpleHTTPServer's list_directory()

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2012-0745.html

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-310 Cryptographic Issues
33 % CWE-264 Permissions, Privileges, and Access Controls
33 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17976
 
Oval ID: oval:org.mitre.oval:def:17976
Title: USN-1592-1 -- python2.7 vulnerabilities
Description: Several security issues were fixed in Python 2.7.
Family: unix Class: patch
Reference(s): USN-1592-1
CVE-2011-1521
CVE-2011-4940
CVE-2011-4944
CVE-2012-0845
CVE-2012-1150
Version: 7
Platform(s): Ubuntu 11.10
Ubuntu 11.04
Product(s): python2.7
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18043
 
Oval ID: oval:org.mitre.oval:def:18043
Title: USN-1596-1 -- python2.6 vulnerabilities
Description: Several security issues were fixed in Python 2.6.
Family: unix Class: patch
Reference(s): USN-1596-1
CVE-2008-5983
CVE-2010-1634
CVE-2010-2089
CVE-2010-3493
CVE-2011-1015
CVE-2011-1521
CVE-2011-4940
CVE-2011-4944
CVE-2012-0845
CVE-2012-1150
Version: 7
Platform(s): Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
Product(s): python2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19784
 
Oval ID: oval:org.mitre.oval:def:19784
Title: VMware security updates for vSphere API and ESX Service Console
Description: Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
Family: unix Class: vulnerability
Reference(s): CVE-2011-4944
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20623
 
Oval ID: oval:org.mitre.oval:def:20623
Title: VMware security updates for vSphere API and ESX Service Console
Description: The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.
Family: unix Class: vulnerability
Reference(s): CVE-2011-4940
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20677
 
Oval ID: oval:org.mitre.oval:def:20677
Title: VMware security updates for vSphere API and ESX Service Console
Description: Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1150
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21287
 
Oval ID: oval:org.mitre.oval:def:21287
Title: RHSA-2012:0745: python security update (Moderate)
Description: Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family: unix Class: patch
Reference(s): RHSA-2012:0745-00
CESA-2012:0745
CVE-2011-4940
CVE-2011-4944
CVE-2012-1150
Version: 42
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21389
 
Oval ID: oval:org.mitre.oval:def:21389
Title: RHSA-2012:0744: python security update (Moderate)
Description: Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family: unix Class: patch
Reference(s): RHSA-2012:0744-01
CESA-2012:0744
CVE-2011-4940
CVE-2011-4944
CVE-2012-0845
CVE-2012-1150
Version: 55
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23066
 
Oval ID: oval:org.mitre.oval:def:23066
Title: ELSA-2012:0745: python security update (Moderate)
Description: Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family: unix Class: patch
Reference(s): ELSA-2012:0745-00
CVE-2011-4940
CVE-2011-4944
CVE-2012-1150
Version: 17
Platform(s): Oracle Linux 5
Product(s): python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23753
 
Oval ID: oval:org.mitre.oval:def:23753
Title: ELSA-2012:0744: python security update (Moderate)
Description: Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family: unix Class: patch
Reference(s): ELSA-2012:0744-01
CVE-2011-4940
CVE-2011-4944
CVE-2012-0845
CVE-2012-1150
Version: 21
Platform(s): Oracle Linux 6
Product(s): python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27594
 
Oval ID: oval:org.mitre.oval:def:27594
Title: DEPRECATED: ELSA-2012-0745 -- python security update (moderate)
Description: [2.4.3-46.el5_8.2] - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 [2.4.3-46.el5_8.1] - distutils.commands.register: create ~/.pypirc securely Resolves: CVE-2011-4944 - send encoding in SimpleHTTPServer.list_directory to protect IE7 against potential XSS attacks Resolves: CVE-2011-4940 - oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types Resolves: CVE-2012-1150
Family: unix Class: patch
Reference(s): ELSA-2012-0745
CVE-2011-4940
CVE-2011-4944
CVE-2012-1150
Version: 4
Platform(s): Oracle Linux 5
Product(s): python
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27651
 
Oval ID: oval:org.mitre.oval:def:27651
Title: DEPRECATED: ELSA-2012-0744 -- python security update (moderate)
Description: [2.6.6-29.el6_2.2] - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 [2.6.6-29.el6_2.1] - distutils.config: create ~/.pypirc securely Resolves: CVE-2011-4944 - fix endless loop in SimpleXMLRPCServer upon malformed POST request Resolves: CVE-2012-0845 - send encoding in SimpleHTTPServer.list_directory to protect IE7 against potential XSS attacks Resolves: CVE-2011-4940 - oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types Resolves: CVE-2012-1150
Family: unix Class: patch
Reference(s): ELSA-2012-0744
CVE-2011-4940
CVE-2011-4944
CVE-2012-0845
CVE-2012-1150
Version: 4
Platform(s): Oracle Linux 6
Product(s): python
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 73

OpenVAS Exploits

Date Description
2012-11-16 Name : VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console
File : nvt/gb_VMSA-2012-0016.nasl
2012-10-26 Name : Ubuntu Update for python3.1 USN-1616-1
File : nvt/gb_ubuntu_USN_1616_1.nasl
2012-10-26 Name : Ubuntu Update for python3.2 USN-1615-1
File : nvt/gb_ubuntu_USN_1615_1.nasl
2012-10-19 Name : Ubuntu Update for python2.4 USN-1613-2
File : nvt/gb_ubuntu_USN_1613_2.nasl
2012-10-19 Name : Ubuntu Update for python2.5 USN-1613-1
File : nvt/gb_ubuntu_USN_1613_1.nasl
2012-10-05 Name : Ubuntu Update for python2.6 USN-1596-1
File : nvt/gb_ubuntu_USN_1596_1.nasl
2012-10-03 Name : Ubuntu Update for python2.7 USN-1592-1
File : nvt/gb_ubuntu_USN_1592_1.nasl
2012-08-30 Name : Fedora Update for python3 FEDORA-2012-5785
File : nvt/gb_fedora_2012_5785_python3_fc17.nasl
2012-08-30 Name : Fedora Update for python-docs FEDORA-2012-5892
File : nvt/gb_fedora_2012_5892_python-docs_fc17.nasl
2012-08-30 Name : Fedora Update for python FEDORA-2012-5892
File : nvt/gb_fedora_2012_5892_python_fc17.nasl
2012-07-30 Name : CentOS Update for python CESA-2012:0745 centos5
File : nvt/gb_CESA-2012_0745_python_centos5.nasl
2012-07-30 Name : CentOS Update for python CESA-2012:0744 centos6
File : nvt/gb_CESA-2012_0744_python_centos6.nasl
2012-06-22 Name : Fedora Update for python3 FEDORA-2012-9135
File : nvt/gb_fedora_2012_9135_python3_fc16.nasl
2012-06-22 Name : Mandriva Update for python MDVSA-2012:096 (python)
File : nvt/gb_mandriva_MDVSA_2012_096.nasl
2012-06-22 Name : Mandriva Update for python MDVSA-2012:097 (python)
File : nvt/gb_mandriva_MDVSA_2012_097.nasl
2012-06-19 Name : RedHat Update for python RHSA-2012:0745-01
File : nvt/gb_RHSA-2012_0745-01_python.nasl
2012-06-19 Name : RedHat Update for python RHSA-2012:0744-01
File : nvt/gb_RHSA-2012_0744-01_python.nasl
2012-05-08 Name : Fedora Update for python FEDORA-2012-5924
File : nvt/gb_fedora_2012_5924_python_fc16.nasl
2012-05-08 Name : Fedora Update for python-docs FEDORA-2012-5924
File : nvt/gb_fedora_2012_5924_python-docs_fc16.nasl
2012-05-04 Name : Fedora Update for python3 FEDORA-2012-5916
File : nvt/gb_fedora_2012_5916_python3_fc15.nasl

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-11-29 IAVM : 2012-A-0189 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity : Category I - VMSKEY : V0035032

Nessus® Vulnerability Scanner

Date Description
2016-02-29 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2012-0016_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_python_20130410.nasl - Type : ACT_GATHER_INFO
2014-12-12 Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_1_build_2323236_remote.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-302.nasl - Type : ACT_GATHER_INFO
2014-01-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-04.nasl - Type : ACT_GATHER_INFO
2013-10-23 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_9.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-98.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0745.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0744.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-117.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_python-randomisation-update-120516.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_apache2-mod_python-120503.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_python-randomisation-update-120517.nasl - Type : ACT_GATHER_INFO
2012-11-16 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2012-0016.nasl - Type : ACT_GATHER_INFO
2012-10-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1616-1.nasl - Type : ACT_GATHER_INFO
2012-10-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1615-1.nasl - Type : ACT_GATHER_INFO
2012-10-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1613-2.nasl - Type : ACT_GATHER_INFO
2012-10-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1613-1.nasl - Type : ACT_GATHER_INFO
2012-10-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1596-1.nasl - Type : ACT_GATHER_INFO
2012-10-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1592-1.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-097.nasl - Type : ACT_GATHER_INFO
2012-08-14 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-mod_python-8127.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120618_python_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120618_python_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-06-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-096.nasl - Type : ACT_GATHER_INFO
2012-06-20 Name : The remote Fedora host is missing a security update.
File : fedora_2012-9135.nasl - Type : ACT_GATHER_INFO
2012-06-20 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0744.nasl - Type : ACT_GATHER_INFO
2012-06-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0745.nasl - Type : ACT_GATHER_INFO
2012-06-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0744.nasl - Type : ACT_GATHER_INFO
2012-06-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0745.nasl - Type : ACT_GATHER_INFO
2012-05-07 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-5924.nasl - Type : ACT_GATHER_INFO
2012-05-07 Name : The remote Fedora host is missing a security update.
File : fedora_2012-5785.nasl - Type : ACT_GATHER_INFO
2012-05-04 Name : The remote Fedora host is missing a security update.
File : fedora_2012-5916.nasl - Type : ACT_GATHER_INFO
2012-05-02 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-5892.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:56:01
  • Multiple Updates