Executive Summary
Summary | |
---|---|
Title | Python 2.6 vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-1596-1 | First vendor Publication | 2012-10-04 |
Vendor | Ubuntu | Last vendor Modification | 2012-10-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 3.4 | Authentication | None Required |
Detail
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary: Several security issues were fixed in Python 2.6.

Software Description:

- python2.6: An interactive high-level object-oriented language

Details:

It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)

It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)

Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)

It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015)

Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521)

It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940)

It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)

It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)

It was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certain circumstances. This update adds the '-R' command line option and honors setting the PYTHONHASHSEED environment variable to 'random' to salt str and datetime objects with an unpredictable value. (CVE-2012-1150)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10:
Ubuntu 11.04:
Ubuntu 10.04 LTS:

In general, a standard system update will make all the necessary changes.

References:

Package Information:
Original Source
Url : http://www.ubuntu.com/usn/USN-1596-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
20 % | CWE-399 | Resource Management Errors |
10 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
10 % | CWE-426 | Untrusted Search Path |
10 % | CWE-362 | Race Condition |
10 % | CWE-310 | Cryptographic Issues |
10 % | CWE-264 | Permissions, Privileges, and Access Controls |
10 % | CWE-200 | Information Exposure |
10 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
10 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15345 | |||
Oval ID: | oval:org.mitre.oval:def:15345 | ||
Title: | USN-1314-1 -- Python 3 vulnerabilities | ||
Description: | python3.1: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Applications using certain Python 3 modules could be made to crash or expose sensitive information over the network. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1314-1 CVE-2010-3493 CVE-2011-1521 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Python |
Definition Id: oval:org.mitre.oval:def:17976 | |||
Oval ID: | oval:org.mitre.oval:def:17976 | ||
Title: | USN-1592-1 -- python2.7 vulnerabilities | ||
Description: | Several security issues were fixed in Python 2.7. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1592-1 CVE-2011-1521 CVE-2011-4940 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 | Version: | 7 |
Platform(s): | Ubuntu 11.10 Ubuntu 11.04 | Product(s): | python2.7 |
Definition Id: oval:org.mitre.oval:def:18043 | |||
Oval ID: | oval:org.mitre.oval:def:18043 | ||
Title: | USN-1596-1 -- python2.6 vulnerabilities | ||
Description: | Several security issues were fixed in Python 2.6. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1596-1 CVE-2008-5983 CVE-2010-1634 CVE-2010-2089 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 CVE-2011-4940 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 | Version: | 7 |
Platform(s): | Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | python2.6 |
Definition Id: oval:org.mitre.oval:def:19755 | |||
Oval ID: | oval:org.mitre.oval:def:19755 | ||
Title: | VMware ESXi and ESX updates to third party library and ESX Service Console | ||
Description: | Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3493 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:19784 | |||
Oval ID: | oval:org.mitre.oval:def:19784 | ||
Title: | VMware security updates for vSphere API and ESX Service Console | ||
Description: | Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-4944 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:20200 | |||
Oval ID: | oval:org.mitre.oval:def:20200 | ||
Title: | VMware ESXi and ESX updates to third party library and ESX Service Console | ||
Description: | The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1521 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:20416 | |||
Oval ID: | oval:org.mitre.oval:def:20416 | ||
Title: | VMware ESXi and ESX updates to third party library and ESX Service Console | ||
Description: | The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1015 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:20623 | |||
Oval ID: | oval:org.mitre.oval:def:20623 | ||
Title: | VMware security updates for vSphere API and ESX Service Console | ||
Description: | The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-4940 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:20677 | |||
Oval ID: | oval:org.mitre.oval:def:20677 | ||
Title: | VMware security updates for vSphere API and ESX Service Console | ||
Description: | Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-1150 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:21287 | |||
Oval ID: | oval:org.mitre.oval:def:21287 | ||
Title: | RHSA-2012:0745: python security update (Moderate) | ||
Description: | Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0745-00 CESA-2012:0745 CVE-2011-4940 CVE-2011-4944 CVE-2012-1150 | Version: | 42 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | python |
Definition Id: oval:org.mitre.oval:def:21389 | |||
Oval ID: | oval:org.mitre.oval:def:21389 | ||
Title: | RHSA-2012:0744: python security update (Moderate) | ||
Description: | Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0744-01 CESA-2012:0744 CVE-2011-4940 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 | Version: | 55 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | python |
Definition Id: oval:org.mitre.oval:def:21626 | |||
Oval ID: | oval:org.mitre.oval:def:21626 | ||
Title: | RHSA-2011:0554: python security, bug fix, and enhancement update (Moderate) | ||
Description: | The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0554-01 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 | Version: | 42 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | python python-docs |
Definition Id: oval:org.mitre.oval:def:21921 | |||
Oval ID: | oval:org.mitre.oval:def:21921 | ||
Title: | RHSA-2011:0027: python security, bug fix, and enhancement update (Low) | ||
Description: | The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0027-01 CVE-2008-5983 CVE-2009-4134 CVE-2010-1449 CVE-2010-1450 CVE-2010-1634 CVE-2010-2089 | Version: | 81 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | python |
Definition Id: oval:org.mitre.oval:def:21923 | |||
Oval ID: | oval:org.mitre.oval:def:21923 | ||
Title: | RHSA-2011:0492: python security update (Moderate) | ||
Description: | The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0492-01 CESA-2011:0492 CVE-2009-3720 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 | Version: | 55 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | python |
Definition Id: oval:org.mitre.oval:def:22821 | |||
Oval ID: | oval:org.mitre.oval:def:22821 | ||
Title: | ELSA-2011:0027: python security, bug fix, and enhancement update (Low) | ||
Description: | The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0027-01 CVE-2008-5983 CVE-2009-4134 CVE-2010-1449 CVE-2010-1450 CVE-2010-1634 CVE-2010-2089 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | python |
Definition Id: oval:org.mitre.oval:def:23066 | |||
Oval ID: | oval:org.mitre.oval:def:23066 | ||
Title: | ELSA-2012:0745: python security update (Moderate) | ||
Description: | Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0745-00 CVE-2011-4940 CVE-2011-4944 CVE-2012-1150 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | python |
Definition Id: oval:org.mitre.oval:def:23229 | |||
Oval ID: | oval:org.mitre.oval:def:23229 | ||
Title: | ELSA-2011:0492: python security update (Moderate) | ||
Description: | The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0492-01 CVE-2009-3720 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 | Version: | 21 |
Platform(s): | Oracle Linux 5 | Product(s): | python |
Definition Id: oval:org.mitre.oval:def:23473 | |||
Oval ID: | oval:org.mitre.oval:def:23473 | ||
Title: | ELSA-2011:0554: python security, bug fix, and enhancement update (Moderate) | ||
Description: | The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0554-01 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 | Version: | 17 |
Platform(s): | Oracle Linux 6 | Product(s): | python python-docs |
Definition Id: oval:org.mitre.oval:def:23753 | |||
Oval ID: | oval:org.mitre.oval:def:23753 | ||
Title: | ELSA-2012:0744: python security update (Moderate) | ||
Description: | Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0744-01 CVE-2011-4940 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 | Version: | 21 |
Platform(s): | Oracle Linux 6 | Product(s): | python |
Definition Id: oval:org.mitre.oval:def:27594 | |||
Oval ID: | oval:org.mitre.oval:def:27594 | ||
Title: | DEPRECATED: ELSA-2012-0745 -- python security update (moderate) | ||
Description: | [2.4.3-46.el5_8.2] - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 [2.4.3-46.el5_8.1] - distutils.commands.register: create ~/.pypirc securely Resolves: CVE-2011-4944 - send encoding in SimpleHTTPServer.list_directory to protect IE7 against potential XSS attacks Resolves: CVE-2011-4940 - oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types Resolves: CVE-2012-1150 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0745 CVE-2011-4940 CVE-2011-4944 CVE-2012-1150 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | python |
Definition Id: oval:org.mitre.oval:def:27651 | |||
Oval ID: | oval:org.mitre.oval:def:27651 | ||
Title: | DEPRECATED: ELSA-2012-0744 -- python security update (moderate) | ||
Description: | [2.6.6-29.el6_2.2] - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 [2.6.6-29.el6_2.1] - distutils.config: create ~/.pypirc securely Resolves: CVE-2011-4944 - fix endless loop in SimpleXMLRPCServer upon malformed POST request Resolves: CVE-2012-0845 - send encoding in SimpleHTTPServer.list_directory to protect IE7 against potential XSS attacks Resolves: CVE-2011-4940 - oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types Resolves: CVE-2012-1150 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0744 CVE-2011-4940 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | python |
Definition Id: oval:org.mitre.oval:def:28032 | |||
Oval ID: | oval:org.mitre.oval:def:28032 | ||
Title: | DEPRECATED: ELSA-2011-0554 -- python security, bug fix, and enhancement update (moderate) | ||
Description: | python: [2.6.6-20] Resolves: CVE-2010-3493 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0554 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | python python-docs |
Definition Id: oval:org.mitre.oval:def:28060 | |||
Oval ID: | oval:org.mitre.oval:def:28060 | ||
Title: | DEPRECATED: ELSA-2011-0492 -- python security update (moderate) | ||
Description: | [2.4.3-44] - add patch adapted from upstream (patch 208) to add support for building against system expat; add --with-system-expat to configure invocation; remove embedded copy of expat-1.95.8 from the source tree during prep - ensure pyexpat.so gets built by explicitly listing all C modules in the payload in %files, rather than using dynfiles Resolves: CVE-2009-3720 - backport three security fixes to 2.4 (patches 209, 210, 211): Resolves: CVE-2011-1521 Resolves: CVE-2011-1015 Resolves: CVE-2010-3493 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0492 CVE-2009-3720 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | python |
Definition Id: oval:org.mitre.oval:def:28118 | |||
Oval ID: | oval:org.mitre.oval:def:28118 | ||
Title: | DEPRECATED: ELSA-2011-0027 -- python security, bug fix, and enhancement update (low) | ||
Description: | [2.4.3-43] - add missing patch 206 Related: rhbz#549372 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0027 CVE-2009-4134 CVE-2010-1449 CVE-2010-1450 CVE-2010-1634 CVE-2010-2089 CVE-2008-5983 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | python |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-11-16 | Name : VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console File : nvt/gb_VMSA-2012-0016.nasl |
2012-10-26 | Name : Ubuntu Update for python3.1 USN-1616-1 File : nvt/gb_ubuntu_USN_1616_1.nasl |
2012-10-26 | Name : Ubuntu Update for python3.2 USN-1615-1 File : nvt/gb_ubuntu_USN_1615_1.nasl |
2012-10-19 | Name : Ubuntu Update for python2.4 USN-1613-2 File : nvt/gb_ubuntu_USN_1613_2.nasl |
2012-10-19 | Name : Ubuntu Update for python2.5 USN-1613-1 File : nvt/gb_ubuntu_USN_1613_1.nasl |
2012-10-05 | Name : Ubuntu Update for python2.6 USN-1596-1 File : nvt/gb_ubuntu_USN_1596_1.nasl |
2012-10-03 | Name : Ubuntu Update for python2.7 USN-1592-1 File : nvt/gb_ubuntu_USN_1592_1.nasl |
2012-08-30 | Name : Fedora Update for python FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python_fc17.nasl |
2012-08-30 | Name : Fedora Update for python-docs FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python-docs_fc17.nasl |
2012-08-30 | Name : Fedora Update for python3 FEDORA-2012-5785 File : nvt/gb_fedora_2012_5785_python3_fc17.nasl |
2012-07-30 | Name : CentOS Update for python CESA-2011:0491 centos4 x86_64 File : nvt/gb_CESA-2011_0491_python_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for python CESA-2011:0492 centos5 x86_64 File : nvt/gb_CESA-2011_0492_python_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for python CESA-2012:0744 centos6 File : nvt/gb_CESA-2012_0744_python_centos6.nasl |
2012-07-30 | Name : CentOS Update for python CESA-2012:0745 centos5 File : nvt/gb_CESA-2012_0745_python_centos5.nasl |
2012-06-22 | Name : Fedora Update for python3 FEDORA-2012-9135 File : nvt/gb_fedora_2012_9135_python3_fc16.nasl |
2012-06-22 | Name : Mandriva Update for python MDVSA-2012:096 (python) File : nvt/gb_mandriva_MDVSA_2012_096.nasl |
2012-06-22 | Name : Mandriva Update for python MDVSA-2012:097 (python) File : nvt/gb_mandriva_MDVSA_2012_097.nasl |
2012-06-19 | Name : RedHat Update for python RHSA-2012:0745-01 File : nvt/gb_RHSA-2012_0745-01_python.nasl |
2012-06-19 | Name : RedHat Update for python RHSA-2012:0744-01 File : nvt/gb_RHSA-2012_0744-01_python.nasl |
2012-06-06 | Name : RedHat Update for python RHSA-2011:0554-01 File : nvt/gb_RHSA-2011_0554-01_python.nasl |
2012-05-08 | Name : Fedora Update for python-docs FEDORA-2012-5924 File : nvt/gb_fedora_2012_5924_python-docs_fc16.nasl |
2012-05-08 | Name : Fedora Update for python FEDORA-2012-5924 File : nvt/gb_fedora_2012_5924_python_fc16.nasl |
2012-05-04 | Name : Fedora Update for python3 FEDORA-2012-5916 File : nvt/gb_fedora_2012_5916_python3_fc15.nasl |
2012-03-15 | Name : VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Ser... File : nvt/gb_VMSA-2012-0001.nasl |
2012-03-12 | Name : FreeBSD Ports: python32 File : nvt/freebsd_python32.nasl |
2011-12-23 | Name : Ubuntu Update for python3.1 USN-1314-1 File : nvt/gb_ubuntu_USN_1314_1.nasl |
2011-10-20 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl |
2011-08-09 | Name : CentOS Update for python CESA-2011:0492 centos5 i386 File : nvt/gb_CESA-2011_0492_python_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for python CESA-2011:0491 centos4 i386 File : nvt/gb_CESA-2011_0491_python_centos4_i386.nasl |
2011-06-07 | Name : Python CGIHTTPServer Module Information Disclosure Vulnerability File : nvt/gb_python_cgi_info_disc_vuln_win.nasl |
2011-06-07 | Name : Python Multiple Vulnerabilities (Windows) File : nvt/gb_python_mult_vuln_win.nasl |
2011-05-23 | Name : Mandriva Update for python MDVSA-2011:096 (python) File : nvt/gb_mandriva_MDVSA_2011_096.nasl |
2011-05-06 | Name : RedHat Update for python RHSA-2011:0492-01 File : nvt/gb_RHSA-2011_0492-01_python.nasl |
2011-05-06 | Name : RedHat Update for python RHSA-2011:0491-01 File : nvt/gb_RHSA-2011_0491-01_python.nasl |
2011-01-14 | Name : RedHat Update for python RHSA-2011:0027-01 File : nvt/gb_RHSA-2011_0027-01_python.nasl |
2010-11-16 | Name : Mandriva Update for python MDVSA-2010:215 (python) File : nvt/gb_mandriva_MDVSA_2010_215.nasl |
2010-11-16 | Name : Mandriva Update for python MDVSA-2010:216 (python) File : nvt/gb_mandriva_MDVSA_2010_216.nasl |
2010-09-07 | Name : Fedora Update for python3 FEDORA-2010-13388 File : nvt/gb_fedora_2010_13388_python3_fc13.nasl |
2010-07-16 | Name : Mandriva Update for python MDVSA-2010:132 (python) File : nvt/gb_mandriva_MDVSA_2010_132.nasl |
2010-07-06 | Name : Fedora Update for python FEDORA-2010-9565 File : nvt/gb_fedora_2010_9565_python_fc12.nasl |
2010-06-18 | Name : Fedora Update for python FEDORA-2010-9652 File : nvt/gb_fedora_2010_9652_python_fc13.nasl |
2010-04-30 | Name : Mandriva Update for plymouth MDVA-2010:132 (plymouth) File : nvt/gb_mandriva_MDVA_2010_132.nasl |
2009-04-15 | Name : Gentoo Security Advisory GLSA 200904-06 (eog) File : nvt/glsa_200904_06.nasl |
2009-04-06 | Name : Gentoo Security Advisory GLSA 200903-41 (gedit) File : nvt/glsa_200903_41.nasl |
2009-03-13 | Name : FreeBSD Ports: epiphany File : nvt/freebsd_epiphany.nasl |
2009-02-18 | Name : FreeBSD Ports: dia File : nvt/freebsd_dia0.nasl |
2009-02-10 | Name : Fedora Core 10 FEDORA-2009-1289 (gnumeric) File : nvt/fcore_2009_1289.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71361 | Python CGIHTTPServer Module cgi-bin Code Disclosure Python contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the 'CGIHTTPServer' module does not handle HTTP requests to scripts in the 'cgi-bin' directory correctly, which will disclose CGI script source code to a remote attacker via crafted requests to the server. |
71330 | Python urllib.request file:// URL Handler Redirect Issue Python contains a flaw related to the urllib/urllib2 redirect handling allowing file:// URL schemes. This may allow a remote attacker to use a crafted HTTP redirect response to disclose sensitive information or cause a denial of service via resource consumption. |
68739 | Python smtpd Module smtpd.py Race Condition TCP Connection Termination Multip... |
65151 | Python Audioop Module audioop.reverse Call Crafted Argument DoS |
64957 | Python Audioop Module audioop.c Multiple Function Overflows |
53373 | Python PySys_SetArgv API Function Search Path Subversion Local Privilege Esca... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-11-29 | IAVM : 2012-A-0189 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0035032 |
2012-02-02 | IAVM : 2012-A-0020 - Multiple Vulnerabilities in VMware ESX 4.1 and ESXi 4.1 Severity : Category I - VMSKEY : V0031252 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2012-0001_remote.nasl - Type : ACT_GATHER_INFO |
2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0016_remote.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_python_20130410.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_python_20130313.nasl - Type : ACT_GATHER_INFO |
2014-12-12 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_2323236_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libpython2_6-1_0-110506.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libpython2_6-1_0-110506.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libpython2_6-1_0-101028.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-302.nasl - Type : ACT_GATHER_INFO |
2014-01-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-04.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_608089_remote.nasl - Type : ACT_GATHER_INFO |
2013-10-23 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_9.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-81.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-80.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-98.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0745.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0744.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0492.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0491.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-117.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_python-randomisation-update-120516.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_apache2-mod_python-120503.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_python-randomisation-update-120517.nasl - Type : ACT_GATHER_INFO |
2012-11-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0016.nasl - Type : ACT_GATHER_INFO |
2012-10-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1616-1.nasl - Type : ACT_GATHER_INFO |
2012-10-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1615-1.nasl - Type : ACT_GATHER_INFO |
2012-10-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1613-1.nasl - Type : ACT_GATHER_INFO |
2012-10-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1613-2.nasl - Type : ACT_GATHER_INFO |
2012-10-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1596-1.nasl - Type : ACT_GATHER_INFO |
2012-10-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1592-1.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-097.nasl - Type : ACT_GATHER_INFO |
2012-08-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_python-8127.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120618_python_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120618_python_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110519_python_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110505_python_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110113_python_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-06-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-096.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0744.nasl - Type : ACT_GATHER_INFO |
2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9135.nasl - Type : ACT_GATHER_INFO |
2012-06-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0744.nasl - Type : ACT_GATHER_INFO |
2012-06-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0745.nasl - Type : ACT_GATHER_INFO |
2012-06-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0745.nasl - Type : ACT_GATHER_INFO |
2012-05-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-5924.nasl - Type : ACT_GATHER_INFO |
2012-05-07 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5785.nasl - Type : ACT_GATHER_INFO |
2012-05-04 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5916.nasl - Type : ACT_GATHER_INFO |
2012-05-02 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-5892.nasl - Type : ACT_GATHER_INFO |
2012-04-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-8080.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b4f8be9e56b211e19fb7003067b2972c.nasl - Type : ACT_GATHER_INFO |
2012-01-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0001.nasl - Type : ACT_GATHER_INFO |
2011-12-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1314-1.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-7506.nasl - Type : ACT_GATHER_INFO |
2011-10-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_7_2.nasl - Type : ACT_GATHER_INFO |
2011-10-13 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-006.nasl - Type : ACT_GATHER_INFO |
2011-05-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-7509.nasl - Type : ACT_GATHER_INFO |
2011-05-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpython2_6-1_0-110506.nasl - Type : ACT_GATHER_INFO |
2011-05-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-096.nasl - Type : ACT_GATHER_INFO |
2011-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0554.nasl - Type : ACT_GATHER_INFO |
2011-05-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpython2_6-1_0-110506.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0492.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0491.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0491.nasl - Type : ACT_GATHER_INFO |
2011-05-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0492.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpython2_6-1_0-101028.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpython2_6-1_0-101109.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-7314.nasl - Type : ACT_GATHER_INFO |
2011-01-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0027.nasl - Type : ACT_GATHER_INFO |
2010-12-12 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpython2_6-1_0-101028.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-216.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-215.nasl - Type : ACT_GATHER_INFO |
2010-09-04 | Name : The remote Fedora host is missing a security update. File : fedora_2010-13388.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-132.nasl - Type : ACT_GATHER_INFO |
2010-07-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9565.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9652.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-1289.nasl - Type : ACT_GATHER_INFO |
2009-04-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-06.nasl - Type : ACT_GATHER_INFO |
2009-03-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-41.nasl - Type : ACT_GATHER_INFO |
2009-03-12 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_e848a92f0e7d11de92de000bcdc1757a.nasl - Type : ACT_GATHER_INFO |
2009-02-05 | Name : The remote Fedora host is missing a security update. File : fedora_2009-1295.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:00:51 | |