Test ID:	1.3.6.1.4.1.25623.1.0.120185
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2014-425)
Summary:	The remote host is missing an update for the 'python-oauth2' package(s) announced via the ALAS-2014-425 advisory.
Description:	Summary: The remote host is missing an update for the 'python-oauth2' package(s) announced via the ALAS-2014-425 advisory. Vulnerability Insight: The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack. Affected Software/OS: 'python-oauth2' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4346 62386 http://www.securityfocus.com/bid/62386 [oss-security] 20130912 Re: cve requests for python-oauth2 http://www.openwall.com/lists/oss-security/2013/09/12/7 https://github.com/simplegeo/python-oauth2/issues/129 Common Vulnerability Exposure (CVE) ID: CVE-2013-4347 62388 http://www.securityfocus.com/bid/62388 https://github.com/simplegeo/python-oauth2/issues/9 https://github.com/simplegeo/python-oauth2/pull/146
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.