Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.841195
Category:Ubuntu Local Security Checks
Title:Ubuntu Update for python2.5 USN-1613-1
Summary:Ubuntu Update for Linux kernel vulnerabilities USN-1613-1
Description:Summary:
Ubuntu Update for Linux kernel vulnerabilities USN-1613-1

Vulnerability Insight:
It was discovered that Python would prepend an empty string to sys.path
under certain circumstances. A local attacker with write access to the
current working directory could exploit this to execute arbitrary code.
(CVE-2008-5983)

It was discovered that the audioop module did not correctly perform input
validation. If a user or automatated system were tricked into opening a
crafted audio file, an attacker could cause a denial of service via
application crash. (CVE-2010-1634, CVE-2010-2089)

Giampaolo Rodola discovered several race conditions in the smtpd module.
A remote attacker could exploit this to cause a denial of service via
daemon outage. (CVE-2010-3493)

It was discovered that the CGIHTTPServer module did not properly perform
input validation on certain HTTP GET requests. A remote attacker could
potentially obtain access to CGI script source files. (CVE-2011-1015)

Niels Heinen discovered that the urllib and urllib2 modules would process
Location headers that specify a redirection to file: URLs. A remote
attacker could exploit this to obtain sensitive information or cause a
denial of service. (CVE-2011-1521)

It was discovered that SimpleHTTPServer did not use a charset parameter in
the Content-Type HTTP header. An attacker could potentially exploit this
to conduct cross-site scripting (XSS) attacks against Internet Explorer 7
users. (CVE-2011-4940)

It was discovered that Python distutils contained a race condition when
creating the ~
/.pypirc file. A local attacker could exploit this to obtain
sensitive information. (CVE-2011-4944)

It was discovered that SimpleXMLRPCServer did not properly validate its
input when handling HTTP POST requests. A remote attacker could exploit
this to cause a denial of service via excessive CPU utilization.
(CVE-2012-0845)

It was discovered that the Expat module in Python 2.5 computed hash values
without restricting the ability to trigger hash collisions predictably. If
a user or application using pyexpat were tricked into opening a crafted XML
file, an attacker could cause a denial of service by consuming excessive
CPU resources. (CVE-2012-0876)

Tim Boddy discovered that the Expat module in Python 2.5 did not properly
handle memory reallocation when processing XML files. If a user or
application using pyexpat were tricked into opening a crafted XML file, an
attacker could cause a denial of service by consuming excessive memory
resources. (CVE-2012-1148)

Affected Software/OS:
python2.5 on Ubuntu 8.04 LTS

Solution:
Please Install the Updated Packages.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-5983
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html
http://security.gentoo.org/glsa/glsa-200903-41.xml
http://security.gentoo.org/glsa/glsa-200904-06.xml
https://bugzilla.redhat.com/show_bug.cgi?id=482814
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg586010.html
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://www.openwall.com/lists/oss-security/2009/01/28/5
http://www.openwall.com/lists/oss-security/2009/01/30/2
http://www.redhat.com/support/errata/RHSA-2011-0027.html
http://secunia.com/advisories/34522
http://secunia.com/advisories/40194
http://secunia.com/advisories/42888
http://secunia.com/advisories/50858
http://secunia.com/advisories/51024
http://secunia.com/advisories/51040
http://secunia.com/advisories/51087
http://www.ubuntu.com/usn/USN-1596-1
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1613-2
http://www.ubuntu.com/usn/USN-1616-1
http://www.vupen.com/english/advisories/2010/1448
http://www.vupen.com/english/advisories/2011/0122
Common Vulnerability Exposure (CVE) ID: CVE-2010-1634
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BugTraq ID: 40370
http://www.securityfocus.com/bid/40370
http://secunia.com/advisories/39937
http://secunia.com/advisories/43068
SuSE Security Announcement: SUSE-SR:2010:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
SuSE Security Announcement: SUSE-SR:2011:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2011/0212
Common Vulnerability Exposure (CVE) ID: CVE-2010-2089
BugTraq ID: 40863
http://www.securityfocus.com/bid/40863
Common Vulnerability Exposure (CVE) ID: CVE-2010-3493
BugTraq ID: 44533
http://www.securityfocus.com/bid/44533
http://www.mandriva.com/security/advisories?name=MDVSA-2010:215
http://www.mandriva.com/security/advisories?name=MDVSA-2010:216
http://bugs.python.org/issue6706
https://bugs.launchpad.net/zodb/+bug/135108
http://www.openwall.com/lists/oss-security/2010/09/09/6
http://www.openwall.com/lists/oss-security/2010/09/11/2
http://www.openwall.com/lists/oss-security/2010/09/22/3
http://www.openwall.com/lists/oss-security/2010/09/24/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210
Common Vulnerability Exposure (CVE) ID: CVE-2011-1015
BugTraq ID: 46541
http://www.securityfocus.com/bid/46541
http://www.mandriva.com/security/advisories?name=MDVSA-2011:096
http://openwall.com/lists/oss-security/2011/02/23/27
http://openwall.com/lists/oss-security/2011/02/24/10
http://securitytracker.com/id?1025489
Common Vulnerability Exposure (CVE) ID: CVE-2011-1521
http://openwall.com/lists/oss-security/2011/03/24/5
http://openwall.com/lists/oss-security/2011/03/28/2
http://openwall.com/lists/oss-security/2011/09/11/1
http://openwall.com/lists/oss-security/2011/09/13/2
http://openwall.com/lists/oss-security/2011/09/15/5
http://securitytracker.com/id?1025488
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.ubuntu.com/usn/USN-1592-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-4940
BugTraq ID: 54083
http://www.securityfocus.com/bid/54083
http://jvn.jp/en/jp/JVN51176027/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063
Common Vulnerability Exposure (CVE) ID: CVE-2011-4944
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555
https://bugzilla.redhat.com/show_bug.cgi?id=758905
http://www.openwall.com/lists/oss-security/2012/03/27/2
http://www.openwall.com/lists/oss-security/2012/03/27/10
http://www.openwall.com/lists/oss-security/2012/03/27/5
http://secunia.com/advisories/51089
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://www.ubuntu.com/usn/USN-1615-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-0845
http://www.openwall.com/lists/oss-security/2012/02/13/4
http://www.securitytracker.com/id?1026689
Common Vulnerability Exposure (CVE) ID: CVE-2012-0876
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
BugTraq ID: 52379
http://www.securityfocus.com/bid/52379
Debian Security Information: DSA-2525 (Google Search)
http://www.debian.org/security/2012/dsa-2525
http://www.mandriva.com/security/advisories?name=MDVSA-2012:041
http://bugs.python.org/issue13703#msg151870
http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html
RedHat Security Advisories: RHSA-2012:0731
http://rhn.redhat.com/errata/RHSA-2012-0731.html
RedHat Security Advisories: RHSA-2016:0062
http://rhn.redhat.com/errata/RHSA-2016-0062.html
RedHat Security Advisories: RHSA-2016:2957
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://secunia.com/advisories/49504
http://www.ubuntu.com/usn/USN-1527-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-1148
http://www.securitytracker.com/id/1034344
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.