ID CVE-2012-1150
Summary Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
References
Vulnerable Configurations
  • Python 2.6.7
    cpe:2.3:a:python:python:2.6.7
  • Python 2.6.6150
    cpe:2.3:a:python:python:2.6.6150
  • Python 2.6.6
    cpe:2.3:a:python:python:2.6.6
  • Python 2.6.5
    cpe:2.3:a:python:python:2.6.5
  • Python 2.6.4
    cpe:2.3:a:python:python:2.6.4
  • Python 2.6.3
    cpe:2.3:a:python:python:2.6.3
  • Python 2.6.2150
    cpe:2.3:a:python:python:2.6.2150
  • Python 2.6.2
    cpe:2.3:a:python:python:2.6.2
  • Python 2.6.1
    cpe:2.3:a:python:python:2.6.1
  • Python 2.6
    cpe:2.3:a:python:python:2.6
  • Python 2.5.150
    cpe:2.3:a:python:python:2.5.150
  • Python 2.5.3
    cpe:2.3:a:python:python:2.5.3
  • Python 2.5.6
    cpe:2.3:a:python:python:2.5.6
  • Python 2.5.2
    cpe:2.3:a:python:python:2.5.2
  • Python 2.5.1
    cpe:2.3:a:python:python:2.5.1
  • Python 2.5
    cpe:2.3:a:python:python:2.5
  • Python 2.5.4
    cpe:2.3:a:python:python:2.5.4
  • Python 2.4.3
    cpe:2.3:a:python:python:2.4.3
  • Python 2.4
    cpe:2.3:a:python:python:2.4
  • Python 2.4.4
    cpe:2.3:a:python:python:2.4.4
  • Python 2.4.2
    cpe:2.3:a:python:python:2.4.2
  • Python 2.4.6
    cpe:2.3:a:python:python:2.4.6
  • Python 2.4.1
    cpe:2.3:a:python:python:2.4.1
  • Python 2.3.4
    cpe:2.3:a:python:python:2.3.4
  • Python 2.3.5
    cpe:2.3:a:python:python:2.3.5
  • Python 2.3
    cpe:2.3:a:python:python:2.3
  • Python 2.3.3
    cpe:2.3:a:python:python:2.3.3
  • Python 2.3.2
    cpe:2.3:a:python:python:2.3.2
  • Python 2.3.1
    cpe:2.3:a:python:python:2.3.1
  • Python 2.3.7
    cpe:2.3:a:python:python:2.3.7
  • Python 2.2.2
    cpe:2.3:a:python:python:2.2.2
  • Python 2.2.3
    cpe:2.3:a:python:python:2.2.3
  • Python 2.2.1
    cpe:2.3:a:python:python:2.2.1
  • Python 2.2
    cpe:2.3:a:python:python:2.2
  • Python 2.1.1
    cpe:2.3:a:python:python:2.1.1
  • Python 2.1.2
    cpe:2.3:a:python:python:2.1.2
  • Python 2.1.3
    cpe:2.3:a:python:python:2.1.3
  • Python 2.1
    cpe:2.3:a:python:python:2.1
  • Python 2.0.1
    cpe:2.3:a:python:python:2.0.1
  • Python 2.0
    cpe:2.3:a:python:python:2.0
  • Python 1.6.1
    cpe:2.3:a:python:python:1.6.1
  • Python 1.6
    cpe:2.3:a:python:python:1.6
  • Python 1.5.2
    cpe:2.3:a:python:python:1.5.2
  • Python 1.2
    cpe:2.3:a:python:python:1.2
  • Python 1.3
    cpe:2.3:a:python:python:1.3
  • Python 0.9.1
    cpe:2.3:a:python:python:0.9.1
  • Python 0.9.0
    cpe:2.3:a:python:python:0.9.0
  • Python 2.7
    cpe:2.3:a:python:python:2.7
  • Python 2.7.1
    cpe:2.3:a:python:python:2.7.1
  • Python 2.7.1 Release Candidate 1
    cpe:2.3:a:python:python:2.7.1:rc1
  • Python 2.7.1150
    cpe:2.3:a:python:python:2.7.1150
  • Python 2.7.2 Release Candidate 1
    cpe:2.3:a:python:python:2.7.2:rc1
  • Python 2.7.2150
    cpe:2.3:a:python:python:2.7.2150
  • Python 3.1.4
    cpe:2.3:a:python:python:3.1.4
  • Python 3.1.3
    cpe:2.3:a:python:python:3.1.3
  • Python 3.1.2
    cpe:2.3:a:python:python:3.1.2
  • Python 3.1.1
    cpe:2.3:a:python:python:3.1.1
  • Python 3.1
    cpe:2.3:a:python:python:3.1
  • Python 3.0.1
    cpe:2.3:a:python:python:3.0.1
  • Python 3.0
    cpe:2.3:a:python:python:3.0
  • Python 3.2
    cpe:2.3:a:python:python:3.2
  • Python 3.2.2150
    cpe:2.3:a:python:python:3.2.2150
  • Python 3.2-alpha
    cpe:2.3:a:python:python:3.2:alpha
CVSS
Base: 5.0 (as of 08-10-2012 - 10:43)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5916.NASL
    description Rebase of Python 3 ('python3') from 3.2 to 3.2.3 bringing in security fixes, along with other bugfixes. See http://python.org/download/releases/3.2.3/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 58979
    published 2012-05-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58979
    title Fedora 15 : python3-3.2.3-1.fc15 (2012-5916) (BEAST)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5785.NASL
    description Rebase of python3 from 3.2.2 to 3.2.3 bringing in security fixes, along with other bugfixes. See http://python.org/download/releases/3.2.3/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 58996
    published 2012-05-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58996
    title Fedora 17 : python3-3.2.3-5.fc17 (2012-5785) (BEAST)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2012-0016_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - bind - expat - nspr and nss - python - vSphere API
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89039
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89039
    title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-096.NASL
    description Multiple vulnerabilities have been discovered and corrected in python : The _ssl module would always disable the CBC IV attack countermeasure (CVE-2011-3389). A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers) (CVE-2011-4940). A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories (CVE-2011-4944). A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. A remote attacker could use this flaw to cause excessive CPU consumption on a server using SimpleXMLRPCServer (CVE-2012-0845). Hash table collisions CPU usage DoS for the embedded copy of expat (CVE-2012-0876). A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions (CVE-2012-1150). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 59635
    published 2012-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59635
    title Mandriva Linux Security Advisory : python (MDVSA-2012:096)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_PYTHON_20130410.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a 'BEAST' attack. (CVE-2011-3389) - SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header. (CVE-2012-0845) - The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. (CVE-2012-0876) - Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. (CVE-2012-1150)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80749
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80749
    title Oracle Solaris Third-Party Patch Update : python (multiple_vulnerabilities_in_python) (BEAST)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_9.NASL
    description The remote host is running a version of Mac OS X 10.x that is prior to version 10.9. The newer version contains multiple security-related fixes for the following components : - Application Firewall - App Sandbox - Bluetooth - CFNetwork - CFNetwork SSL - Console - CoreGraphics - curl - dyld - IOKitUser - IOSerialFamily - Kernel - Kext Management - LaunchServices - Libc - Mail Accounts - Mail Header Display - Mail Networking - OpenLDAP - perl - Power Management - python - ruby - Security - Security - Authorization - Security - Smart Card Services - Screen Lock - Screen Sharing Server - syslog - USB
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 70561
    published 2013-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70561
    title Mac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_APACHE2-MOD_PYTHON-8127.NASL
    description Apache2 mod_python has been changed to enable randomized hashes to help fixing denial of service problems by injecting prepared values into Python hash functions. (CVE-2012-1150) As some Python scripts might need a known hashing order, the old behaviour can be restored using a newly introduced module option called PythonRandomizeHashes. The option is default on, but can be disabled if necessary for compatibility with above scripts.
    last seen 2019-02-21
    modified 2012-10-09
    plugin id 61523
    published 2012-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61523
    title SuSE 10 Security Update : apache2-mod_python (ZYPP Patch Number 8127)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-9135.NASL
    description Fixes debug build systemtap support. Rebase of python3 from 3.2.1 to 3.2.3 bringing in security fixes, along with many other bug fixes. The compiled *.pyc and *.pyo files are now properly compiled so python3 doesn't try to recompile them over and over on runtime anymore. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 59580
    published 2012-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59580
    title Fedora 16 : python3-3.2.3-2.fc16 (2012-9135) (BEAST)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_APACHE2-MOD_PYTHON-120503.NASL
    description Apache2 mod_python has been changed to enable randomized hashes to help fixing denial of service problems by injecting prepared values into Python hash functions. (CVE-2012-1150) As some Python scripts might need a known hashing order, the old behaviour can be restored using a newly introduced module option called PythonRandomizeHashes. The option is default on, but can be disabled if necessary for compatibility with above scripts.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64108
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64108
    title SuSE 11.1 Security Update : apache2-mod_python (SAT Patch Number 6247)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2012-0016.NASL
    description a. VMware vSphere API denial of service vulnerability The VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected. VMware would like to thank Sebastian Tello of Core Security Technologies for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-5703 to this issue. b. Update to ESX service console bind packages The ESX service console bind packages are updated to the following versions : bind-libs-9.3.6-20.P1.el5_8.2 bind-utils-9.3.6-20.P1.el5_8.2 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1033, CVE-2012-1667, and CVE-2012-3817 to these issues. c. Update to ESX service console python packages The ESX service console Python packages are updated to the following versions : python-2.4.3-46.el5_8.2.x86_64 python-libs-2.4.3-46.el5_8.2.x86_64 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4940, CVE-2011-4944, and CVE-2012-1150 to these issues. d. Update to ESX service console expat package The ESX service console expat package is updated to expat-1.95.8-11.el5_8. This update fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-0876 and CVE-2012-1148 to these issues. e. Update to ESX service console nspr and nss packages This patch updates the ESX service console Netscape Portable Runtime and Network Security Services RPMs to versions nspr-4.9.1.4.el5_8 and nss-3.13.5.4.9834, respectively, to resolve multiple security issues. 
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0441 to this issue. This patch also resolves a certificate trust issue caused by a fraudulent DigiNotar root certificate.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 62944
    published 2012-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62944
    title VMSA-2012-0016 : VMware security updates for vSphere API and ESX Service Console
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL
    description The remote VMware ESXi host is version 5.1 prior to build 2323236. It is, therefore, affected by the following vulnerabilities in bundled third-party libraries : - Multiple vulnerabilities exist in the bundled Python library. (CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-1752, CVE-2013-4238) - Multiple vulnerabilities exist in the bundled GNU C Library (glibc). (CVE-2013-0242, CVE-2013-1914, CVE-2013-4332) - Multiple vulnerabilities exist in the bundled XML Parser library (libxml2). (CVE-2013-2877, CVE-2014-0191) - Multiple vulnerabilities exist in the bundled cURL library (libcurl). (CVE-2014-0015, CVE-2014-0138)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 79862
    published 2014-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79862
    title ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5924.NASL
    description Rebase of Python 2 ('python' and 'python-docs') from 2.7.2 to 2.7.3 bringing in security fixes, along with other bugfixes. See http://python.org/download/releases/2.7.3/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 58997
    published 2012-05-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58997
    title Fedora 16 : python-2.7.3-1.fc16 / python-docs-2.7.3-1.fc16 (2012-5924) (BEAST)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1596-1.NASL
    description It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089) Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493) It was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015) Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that Python was susceptible to hash algorithm attacks. 
    An attacker could cause a denial of service under certain circumstances. This update adds the '-R' command line option and honors setting the PYTHONHASHSEED environment variable to 'random' to salt str and datetime objects with an unpredictable value. (CVE-2012-1150). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62436
    published 2012-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62436
    title Ubuntu 10.04 LTS / 11.04 / 11.10 : python2.6 vulnerabilities (USN-1596-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-302.NASL
    description 4 vulnerabilities were discovered for the python (2.7) and python3 packages in openSUSE versions 11.4 and 12.1.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74640
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74640
    title openSUSE Security Update : python (openSUSE-SU-2012:0667-1) (BEAST)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5892.NASL
    description Rebase of Python 2 ('python') from 2.7.2 to 2.7.3, bringing in security fixes, along with numerous other bugfixes. See http://python.org/download/releases/2.7.3/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 58956
    published 2012-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58956
    title Fedora 17 : python-2.7.3-3.fc17 / python-docs-2.7.3-1.fc17 (2012-5892) (BEAST)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0745.NASL
    description Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-1150) Note: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new 'PYTHONHASHSEED' environment variable or the Python interpreter's '-R' command line option can be used. Refer to the python(1) manual page for details. The RHSA-2012:0731 expat erratum must be installed with this update, which adds hash randomization to the Expat library used by the Python pyexpat module. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). 
    (CVE-2011-4940) A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories. (CVE-2011-4944) Red Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2012-1150. All Python users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59560
    published 2012-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59560
    title CentOS 5 : python (CESA-2012:0745)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0744.NASL
    description From Red Hat Security Advisory 2012:0744 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-1150) Note: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new 'PYTHONHASHSEED' environment variable or the Python interpreter's '-R' command line option can be used. Refer to the python(1) manual page for details. The RHSA-2012:0731 expat erratum must be installed with this update, which adds hash randomization to the Expat library used by the Python pyexpat module. A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. A remote attacker could use this flaw to cause excessive CPU consumption on a server using SimpleXMLRPCServer. (CVE-2012-0845) A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. 
    An attacker able to upload a file with a specially crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). (CVE-2011-4940) A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories. (CVE-2011-4944) Red Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2012-1150. All Python users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68545
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68545
    title Oracle Linux 6 : python (ELSA-2012-0744)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1592-1.NASL
    description Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521) It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certain circumstances. This update adds the '-R' command line option and honors setting the PYTHONHASHSEED environment variable to 'random' to salt str and datetime objects with an unpredictable value. (CVE-2012-1150). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62410
    published 2012-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62410
    title Ubuntu 11.04 / 11.10 : python2.7 vulnerabilities (USN-1592-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-097.NASL
    description Multiple vulnerabilities have been discovered and corrected in python : The _ssl module would always disable the CBC IV attack countermeasure (CVE-2011-3389). A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories (CVE-2011-4944). A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. A remote attacker could use this flaw to cause excessive CPU consumption on a server using SimpleXMLRPCServer (CVE-2012-0845). Hash table collisions CPU usage DoS for the embedded copy of expat (CVE-2012-0876). A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions (CVE-2012-1150). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 61956
    published 2012-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61956
    title Mandriva Linux Security Advisory : python (MDVSA-2012:097)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1615-1.NASL
    description It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2012-0845) It was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certain circumstances. This update adds the '-R' command line option and honors setting the PYTHONHASHSEED environment variable to 'random' to salt str and datetime objects with an unpredictable value. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2012-1150) Serhiy Storchaka discovered that the UTF16 decoder in Python did not properly reset internal variables after error handling. An attacker could exploit this to cause a denial of service via memory corruption. This issue did not affect Ubuntu 12.10. (CVE-2012-2135). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62677
    published 2012-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62677
    title Ubuntu 11.04 / 11.10 / 12.04 LTS / 12.10 : python3.2 vulnerabilities (USN-1615-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0745.NASL
    description From Red Hat Security Advisory 2012:0745 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-1150) Note: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new 'PYTHONHASHSEED' environment variable or the Python interpreter's '-R' command line option can be used. Refer to the python(1) manual page for details. The RHSA-2012:0731 expat erratum must be installed with this update, which adds hash randomization to the Expat library used by the Python pyexpat module. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). (CVE-2011-4940) A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories. (CVE-2011-4944) Red Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2012-1150. All Python users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68546
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68546
    title Oracle Linux 5 : python (ELSA-2012-0745)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0745.NASL
    description Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-1150) Note: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new 'PYTHONHASHSEED' environment variable or the Python interpreter's '-R' command line option can be used. Refer to the python(1) manual page for details. The RHSA-2012:0731 expat erratum must be installed with this update, which adds hash randomization to the Expat library used by the Python pyexpat module. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). (CVE-2011-4940) A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories. (CVE-2011-4944) Red Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2012-1150. All Python users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59564
    published 2012-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59564
    title RHEL 5 : python (RHSA-2012:0745)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0744.NASL
    description Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-1150) Note: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new 'PYTHONHASHSEED' environment variable or the Python interpreter's '-R' command line option can be used. Refer to the python(1) manual page for details. The RHSA-2012:0731 expat erratum must be installed with this update, which adds hash randomization to the Expat library used by the Python pyexpat module. A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. A remote attacker could use this flaw to cause excessive CPU consumption on a server using SimpleXMLRPCServer. (CVE-2012-0845) A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). (CVE-2011-4940) A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories. (CVE-2011-4944) Red Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2012-1150. All Python users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59570
    published 2012-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59570
    title CentOS 6 : python (CESA-2012:0744)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-98.NASL
    description A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-1150) Note: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new 'PYTHONHASHSEED' environment variable or the Python interpreter's '-R' command line option can be used. Refer to the python(1) manual page for details. A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. A remote attacker could use this flaw to cause excessive CPU consumption on a server using SimpleXMLRPCServer. (CVE-2012-0845) A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). (CVE-2011-4940) A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories. (CVE-2011-4944)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69705
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69705
    title Amazon Linux AMI : python26 (ALAS-2012-98)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1616-1.NASL
    description It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. (CVE-2008-5983) It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. These issues only affected Ubuntu 10.04 LTS. (CVE-2010-1634, CVE-2010-2089) It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944) It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845) It was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certain circumstances. This update adds the '-R' command line option and honors setting the PYTHONHASHSEED environment variable to 'random' to salt str and datetime objects with an unpredictable value. (CVE-2012-1150) Serhiy Storchaka discovered that the UTF16 decoder in Python did not properly reset internal variables after error handling. An attacker could exploit this to cause a denial of service via memory corruption. (CVE-2012-2135). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 62700
    published 2012-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62700
    title Ubuntu 10.04 LTS / 11.04 : python3.1 vulnerabilities (USN-1616-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_PYTHON-RANDOMISATION-UPDATE-120517.NASL
    description This update to python 2.6.8 fixes the following bugs, among others : - XMLRPC Server DoS. (CVE-2012-0845, bnc#747125) - hash randomization issues. (CVE-2012-1150, bnc#751718) - insecure creation of .pypirc. (CVE-2011-4944, bnc#754447) - SimpleHTTPServer XSS. (CVE-2011-1015, bnc#752375) - functions can accept unicode kwargs. (bnc#744287) - python MainThread lacks ident. (bnc#754547) - TypeError: waitpid() takes no keyword arguments. (bnc#751714) - Source code exposure in CGIHTTPServer module. (CVE-2011-1015, bnc#674646) - Insecure redirect processing in urllib2 (CVE-2011-1521, bnc#682554) The hash randomization fix is by default disabled to keep compatibility with existing python code when it extracts hashes. To enable the hash seed randomization you can use: - pass -R to the python interpreter command line. - set the environment variable PYTHONHASHSEED=random to enable it for programs. You can also set this environment variable to a fixed hash seed by specifying an integer value between 0 and MAX_UINT. In general, enabling this is only needed when malicious third parties can inject values into your hash tables. The update to 2.6.8 also provides many compatibility fixes with OpenStack.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64221
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64221
    title SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0744.NASL
    description Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-1150) Note: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new 'PYTHONHASHSEED' environment variable or the Python interpreter's '-R' command line option can be used. Refer to the python(1) manual page for details. The RHSA-2012:0731 expat erratum must be installed with this update, which adds hash randomization to the Expat library used by the Python pyexpat module. A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. A remote attacker could use this flaw to cause excessive CPU consumption on a server using SimpleXMLRPCServer. (CVE-2012-0845) A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). (CVE-2011-4940) A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories. (CVE-2011-4944) Red Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2012-1150. All Python users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 59563
    published 2012-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59563
    title RHEL 6 : python (RHSA-2012:0744)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_PYTHON-RANDOMISATION-UPDATE-120516.NASL
    description This update to python 2.6.8 fixes the following bugs, among others : - XMLRPC Server DoS. (CVE-2012-0845, bnc#747125) - hash randomization issues. (CVE-2012-1150, bnc#751718) - insecure creation of .pypirc. (CVE-2011-4944, bnc#754447) - SimpleHTTPServer XSS. (CVE-2011-1015, bnc#752375) - functions can accept unicode kwargs. (bnc#744287) - python MainThread lacks ident. (bnc#754547) - TypeError: waitpid() takes no keyword arguments. (bnc#751714) - Source code exposure in CGIHTTPServer module. (CVE-2011-1015, bnc#674646) - Insecure redirect processing in urllib2 (CVE-2011-1521, bnc#682554) The hash randomization fix is by default disabled to keep compatibility with existing python code when it extracts hashes. To enable the hash seed randomization you can use: - pass -R to the python interpreter command line. - set the environment variable PYTHONHASHSEED=random to enable it for programs. You can also set this environment variable to a fixed hash seed by specifying an integer value between 0 and MAX_UINT. In general, enabling this is only needed when malicious third parties can inject values into your hash tables. The update to 2.6.8 also provides many compatibility fixes with OpenStack.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64220
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64220
    title SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120618_PYTHON_ON_SL5_X.NASL
    description Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-1150) Note: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new 'PYTHONHASHSEED' environment variable or the Python interpreter's '-R' command line option can be used. Refer to the python(1) manual page for details. The previous expat erratum must be installed with this update, which adds hash randomization to the Expat library used by the Python pyexpat module. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). (CVE-2011-4940) A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories. (CVE-2011-4944) All Python users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61332
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61332
    title Scientific Linux Security Update : python on SL5.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120618_PYTHON_ON_SL6_X.NASL
    description Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-1150) Note: The hash randomization is not enabled by default as it may break applications that incorrectly depend on dictionary ordering. To enable the protection, the new 'PYTHONHASHSEED' environment variable or the Python interpreter's '-R' command line option can be used. Refer to the python(1) manual page for details. The previous expat erratum must be installed with this update, which adds hash randomization to the Expat library used by the Python pyexpat module. A flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. A remote attacker could use this flaw to cause excessive CPU consumption on a server using SimpleXMLRPCServer. (CVE-2012-0845) A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially crafted name to a server could possibly perform a cross-site scripting (XSS) attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file (if the victims were using certain web browsers). (CVE-2011-4940) A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories. (CVE-2011-4944) All Python users should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61333
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61333
    title Scientific Linux Security Update : python on SL6.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201401-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201401-04 (Python: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly cause a Denial of Service condition or perform a man-in-the-middle attack to disclose sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 71811
    published 2014-01-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71811
    title GLSA-201401-04 : Python: Multiple vulnerabilities
redhat via4
advisories
  • bugzilla
    id 803500
    title CVE-2011-4940 python: potential XSS in SimpleHTTPServer's list_directory()
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment python is earlier than 0:2.6.6-29.el6_2.2
          oval oval:com.redhat.rhsa:tst:20120744005
        • comment python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554008
      • AND
        • comment python-devel is earlier than 0:2.6.6-29.el6_2.2
          oval oval:com.redhat.rhsa:tst:20120744013
        • comment python-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554010
      • AND
        • comment python-libs is earlier than 0:2.6.6-29.el6_2.2
          oval oval:com.redhat.rhsa:tst:20120744007
        • comment python-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554014
      • AND
        • comment python-test is earlier than 0:2.6.6-29.el6_2.2
          oval oval:com.redhat.rhsa:tst:20120744015
        • comment python-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554016
      • AND
        • comment python-tools is earlier than 0:2.6.6-29.el6_2.2
          oval oval:com.redhat.rhsa:tst:20120744011
        • comment python-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554012
      • AND
        • comment tkinter is earlier than 0:2.6.6-29.el6_2.2
          oval oval:com.redhat.rhsa:tst:20120744009
        • comment tkinter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554018
    rhsa
    id RHSA-2012:0744
    released 2012-06-18
    severity Moderate
    title RHSA-2012:0744: python security update (Moderate)
  • bugzilla
    id 803500
    title CVE-2011-4940 python: potential XSS in SimpleHTTPServer's list_directory()
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment python is earlier than 0:2.4.3-46.el5_8.2
          oval oval:com.redhat.rhsa:tst:20120745002
        • comment python is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091176003
      • AND
        • comment python-devel is earlier than 0:2.4.3-46.el5_8.2
          oval oval:com.redhat.rhsa:tst:20120745006
        • comment python-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091176005
      • AND
        • comment python-libs is earlier than 0:2.4.3-46.el5_8.2
          oval oval:com.redhat.rhsa:tst:20120745004
        • comment python-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110027005
      • AND
        • comment python-tools is earlier than 0:2.4.3-46.el5_8.2
          oval oval:com.redhat.rhsa:tst:20120745010
        • comment python-tools is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091176009
      • AND
        • comment tkinter is earlier than 0:2.4.3-46.el5_8.2
          oval oval:com.redhat.rhsa:tst:20120745008
        • comment tkinter is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091176007
    rhsa
    id RHSA-2012:0745
    released 2012-06-18
    severity Moderate
    title RHSA-2012:0745: python security update (Moderate)
rpms
  • python-0:2.6.6-29.el6_2.2
  • python-devel-0:2.6.6-29.el6_2.2
  • python-libs-0:2.6.6-29.el6_2.2
  • python-test-0:2.6.6-29.el6_2.2
  • python-tools-0:2.6.6-29.el6_2.2
  • tkinter-0:2.6.6-29.el6_2.2
  • python-0:2.4.3-46.el5_8.2
  • python-devel-0:2.4.3-46.el5_8.2
  • python-libs-0:2.4.3-46.el5_8.2
  • python-tools-0:2.4.3-46.el5_8.2
  • tkinter-0:2.4.3-46.el5_8.2
refmap via4
apple APPLE-SA-2013-10-22-3
confirm
mlist
  • [oss-security] 20120309 Re: CVE Request: Python Hash DoS (Issue 13703)
  • [python-dev] 20111229 Hash collision security issue (now public)
  • [python-dev] 20120128 plugging the hash attack
secunia
  • 50858
  • 51087
  • 51089
ubuntu
  • USN-1592-1
  • USN-1596-1
  • USN-1615-1
  • USN-1616-1
vmware via4
description The ESX service console Python packages are updated to the following versions: python-2.4.3-46.el5_8.2.x86_64 python-libs-2.4.3-46.el5_8.2.x86_64
id VMSA-2012-0016
last_updated 2012-11-15T00:00:00
published 2012-11-15T00:00:00
title Update to ESX service console python packages
Last major update 30-10-2013 - 23:23
Published 05-10-2012 - 17:55