Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2002:082-1 (python)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50857

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2002:082-1 (python)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to python
announced via advisory MDKSA-2002:082-1.

A vulnerability was discovered in python by Zack Weinberg in the way
that the execvpe() method from the os.py module uses a temporary file
name. The file is created in an unsafe manner and execvpe() tries to
execute it, which can be used by a local attacker to execute arbitrary
code with the privilege of the user running the python code that is
using this method.

Update:

The previously released packages for 9.0 had an incorrect dependency on
libdb.so.2 instead of libdb.so.3. This update corrects that problem.

Affected versions: 9.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:082-1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1119
http://mail.python.org/pipermail/python-dev/2002-August/027223.html
http://python.org/sf/590294

Risk factor : Medium

CVSS Score:
4.6

Referencia Cruzada: BugTraq ID: 5581
Common Vulnerability Exposure (CVE) ID: CVE-2002-1119
http://www.securityfocus.com/bid/5581
Bugtraq: 20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python) (Google Search)
http://marc.info/?l=bugtraq&m=104333092200589&w=2
Caldera Security Advisory: CSSA-2002-045.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-045.0.txt
Conectiva Linux advisory: CLA-2002:527
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527
Debian Security Information: DSA-159 (Google Search)
http://www.debian.org/security/2002/dsa-159
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-082.php
http://mail.python.org/pipermail/python-dev/2002-August/027229.html
http://www.redhat.com/support/errata/RHSA-2002-202.html
http://www.redhat.com/support/errata/RHSA-2003-048.html
http://www.iss.net/security_center/static/10009.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50857
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2002:082-1 (python)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to python announced via advisory MDKSA-2002:082-1. A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. Update: The previously released packages for 9.0 had an incorrect dependency on libdb.so.2 instead of libdb.so.3. This update corrects that problem. Affected versions: 9.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:082-1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1119 http://mail.python.org/pipermail/python-dev/2002-August/027223.html http://python.org/sf/590294 Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	BugTraq ID: 5581 Common Vulnerability Exposure (CVE) ID: CVE-2002-1119 http://www.securityfocus.com/bid/5581 Bugtraq: 20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python) (Google Search) http://marc.info/?l=bugtraq&m=104333092200589&w=2 Caldera Security Advisory: CSSA-2002-045.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-045.0.txt Conectiva Linux advisory: CLA-2002:527 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527 Debian Security Information: DSA-159 (Google Search) http://www.debian.org/security/2002/dsa-159 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-082.php http://mail.python.org/pipermail/python-dev/2002-August/027229.html http://www.redhat.com/support/errata/RHSA-2002-202.html http://www.redhat.com/support/errata/RHSA-2003-048.html http://www.iss.net/security_center/static/10009.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com