Web application abuses : CPython Man in Middle Attack and Code Execution Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.809217

Categoría: Web application abuses

Título: CPython Man in Middle Attack and Code Execution Vulnerabilities - Linux

Resumen: CPython is prone to a man in middle attack and an arbitrary; code execution vulnerability.

Descripción: Summary:
CPython is prone to a man in middle attack and an arbitrary
code execution vulnerability.

Vulnerability Insight:
Multiple flaws exist due to the smtplib library in CPython
does not return an error when StartTLS fails and integer overflow error in the 'get_data'
function in 'zipimport.c' script.

Vulnerability Impact:
Successful exploitation will allow man-in-the-middle attackers
to bypass the TLS protections and remote attackers to cause buffer overflow.

Affected Software/OS:
CPython before 2.7.12, 3.x before 3.4.5, and 3.5.x
before 3.5.2.

Solution:
Update to version CPython 2.7.12, 3.4.5, 3.5.2 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-5636
BugTraq ID: 91247
http://www.securityfocus.com/bid/91247
https://security.gentoo.org/glsa/201701-18
https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html
http://www.openwall.com/lists/oss-security/2016/06/15/15
http://www.openwall.com/lists/oss-security/2016/06/16/1
RedHat Security Advisories: RHSA-2016:2586
http://rhn.redhat.com/errata/RHSA-2016-2586.html
http://www.securitytracker.com/id/1038138
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-0772
91225
http://www.securityfocus.com/bid/91225
GLSA-201701-18
RHSA-2016:1626
http://rhn.redhat.com/errata/RHSA-2016-1626.html
RHSA-2016:1627
http://rhn.redhat.com/errata/RHSA-2016-1627.html
RHSA-2016:1628
http://rhn.redhat.com/errata/RHSA-2016-1628.html
RHSA-2016:1629
http://rhn.redhat.com/errata/RHSA-2016-1629.html
RHSA-2016:1630
http://rhn.redhat.com/errata/RHSA-2016-1630.html
[debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update
[oss-security] 20160614 Python CVE-2016-0772: smtplib StartTLS stripping attack
http://www.openwall.com/lists/oss-security/2016/06/14/9
http://www.splunk.com/view/SP-CAAAPSV
http://www.splunk.com/view/SP-CAAAPUE
https://bugzilla.redhat.com/show_bug.cgi?id=1303647
https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5
https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2
https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS
https://hg.python.org/cpython/rev/b3ce713fb9be
https://hg.python.org/cpython/rev/d590114c2394
openSUSE-SU-2020:0086

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.809217
Categoría:	Web application abuses
Título:	CPython Man in Middle Attack and Code Execution Vulnerabilities - Linux
Resumen:	CPython is prone to a man in middle attack and an arbitrary; code execution vulnerability.
Descripción:	Summary: CPython is prone to a man in middle attack and an arbitrary code execution vulnerability. Vulnerability Insight: Multiple flaws exist due to the smtplib library in CPython does not return an error when StartTLS fails and integer overflow error in the 'get_data' function in 'zipimport.c' script. Vulnerability Impact: Successful exploitation will allow man-in-the-middle attackers to bypass the TLS protections and remote attackers to cause buffer overflow. Affected Software/OS: CPython before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2. Solution: Update to version CPython 2.7.12, 3.4.5, 3.5.2 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5636 BugTraq ID: 91247 http://www.securityfocus.com/bid/91247 https://security.gentoo.org/glsa/201701-18 https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html http://www.openwall.com/lists/oss-security/2016/06/15/15 http://www.openwall.com/lists/oss-security/2016/06/16/1 RedHat Security Advisories: RHSA-2016:2586 http://rhn.redhat.com/errata/RHSA-2016-2586.html http://www.securitytracker.com/id/1038138 SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html Common Vulnerability Exposure (CVE) ID: CVE-2016-0772 91225 http://www.securityfocus.com/bid/91225 GLSA-201701-18 RHSA-2016:1626 http://rhn.redhat.com/errata/RHSA-2016-1626.html RHSA-2016:1627 http://rhn.redhat.com/errata/RHSA-2016-1627.html RHSA-2016:1628 http://rhn.redhat.com/errata/RHSA-2016-1628.html RHSA-2016:1629 http://rhn.redhat.com/errata/RHSA-2016-1629.html RHSA-2016:1630 http://rhn.redhat.com/errata/RHSA-2016-1630.html [debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update [oss-security] 20160614 Python CVE-2016-0772: smtplib StartTLS stripping attack http://www.openwall.com/lists/oss-security/2016/06/14/9 http://www.splunk.com/view/SP-CAAAPSV http://www.splunk.com/view/SP-CAAAPUE https://bugzilla.redhat.com/show_bug.cgi?id=1303647 https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5 https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2 https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS https://hg.python.org/cpython/rev/b3ce713fb9be https://hg.python.org/cpython/rev/d590114c2394 openSUSE-SU-2020:0086
Copyright	Copyright (C) 2016 Greenbone AG