Test ID:1.3.6.1.4.1.25623.1.0.891519
Category:Debian Local Security Checks
Title:Debian LTS Advisory ([SECURITY] [DLA 1519-1] python2.7 security update)
Description:
Summary:
Multiple vulnerabilities were found in the CPython interpreter which
can cause denial of service, information gain, and arbitrary code
execution.

CVE-2017-1000158

CPython (aka Python) is vulnerable to an integer overflow in the
PyString_DecodeEscape function in stringobject.c, resulting in
heap-based buffer overflow (and possible arbitrary code execution).

CVE-2018-1060

Python is vulnerable to catastrophic backtracking in pop3lib's
apop() method. An attacker could use this flaw to cause denial of
service.

CVE-2018-1061

Python is vulnerable to catastrophic backtracking in the
difflib.IS_LINE_JUNK method. An attacker could use this flaw to
cause denial of service.

CVE-2018-1000802

Python Software Foundation Python (CPython) version 2.7 contains a
CWE-77: Improper Neutralization of Special Elements used in a
Command ('Command Injection') vulnerability in shutil module
(make_archive function) that can result in Denial of service,
Information gain via injection of arbitrary files on the system or
entire drive. This attack appears to be exploitable via passage of
unfiltered user input to the function.

Vulnerability Insight:
Python is a high-level, interactive, object-oriented language. Its 2.7 version
includes an extensive class library with lots of goodies for
network programming, system administration, sounds and graphics.

Affected Software/OS:
python2.7 on Debian Linux

Solution:
For Debian 8 'Jessie', these problems have been fixed in version
2.7.9-2+deb8u2.

We recommend that you upgrade your python2.7 packages.
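
Because the fix is version-gated, the local check behind this test boils down to a Debian version comparison. The block below is an added example, not the advisory's text or Greenbone's test code: it re-implements dpkg's version ordering (epoch, upstream, revision, the `~` rule) in Python and flags lines in constructed `dpkg-query -W -f='${Package} ${Version}\n'` style output whose version is older than 2.7.9-2+deb8u2. The package names and versions in the sample are assumptions.

```python
import re
FIXED_VERSION = "2.7.9-2+deb8u2"  # fixed version named in the advisory's Solution section

def _order(c):
    # dpkg non-digit ordering: '~' < end of string < letters < other symbols
    return -1 if c == "~" else 0 if c == "" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    # dpkg's verrevcmp: alternate non-digit runs (char by char) and digit runs (numerically)
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            oa = _order(na[i] if i < len(na) else "")
            ob = _order(nb[i] if i < len(nb) else "")
            if oa != ob:
                return -1 if oa < ob else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(v):
    # [epoch:]upstream[-debian_revision]; epoch defaults to 0, revision to ""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1, ordered the same way as `dpkg --compare-versions`."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def check_dpkg_output(text, fixed=FIXED_VERSION):
    """Map each 'package version' line to True if that version predates the fix."""
    result = {}
    for line in text.splitlines():
        pkg, _, ver = line.strip().partition(" ")
        if pkg and ver:
            result[pkg] = compare_versions(ver, fixed) < 0
    return result

# Constructed sample standing in for `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE_DPKG_OUTPUT = """\
libpython2.7-minimal 2.7.9-2+deb8u1
python2.7 2.7.9-2+deb8u1
python2.7-minimal 2.7.9-2+deb8u2
"""
```

On a real host the sample string would be replaced by the output of `dpkg-query -W` for the binary packages built from the python2.7 source package.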

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-1060
https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html
https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html
Debian Security Information: DSA-4306
https://www.debian.org/security/2018/dsa-4306
Debian Security Information: DSA-4307
https://www.debian.org/security/2018/dsa-4307
RedHat Security Advisories: RHSA-2018:3041
https://access.redhat.com/errata/RHSA-2018:3041
RedHat Security Advisories: RHSA-2018:3505
https://access.redhat.com/errata/RHSA-2018:3505
https://usn.ubuntu.com/3817-1/
https://usn.ubuntu.com/3817-2/
http://www.securitytracker.com/id/1042001
Common Vulnerability Exposure (CVE) ID: CVE-2018-1061
Copyright: Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net

© 1998-2019 E-Soft Inc. All rights reserved.