ID CVE-2014-7185
Summary Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
Vulnerable Configurations
  • Python 2.7
    cpe:2.3:a:python:python:2.7
  • Python 2.7.1
    cpe:2.3:a:python:python:2.7.1
  • Python 2.7.1 Release Candidate 1
    cpe:2.3:a:python:python:2.7.1:rc1
  • Python 2.7.2 Release Candidate 1
    cpe:2.3:a:python:python:2.7.2:rc1
  • Python 2.7.3
    cpe:2.3:a:python:python:2.7.3
  • Python 2.7.4
    cpe:2.3:a:python:python:2.7.4
  • Python 2.7.5
    cpe:2.3:a:python:python:2.7.5
  • Python 2.7.6
    cpe:2.3:a:python:python:2.7.6
  • Python 2.7.7
    cpe:2.3:a:python:python:2.7.7
  • Python 2.7.1150
    cpe:2.3:a:python:python:2.7.1150
  • Python 2.7.1150 (x64) 64-bit
    cpe:2.3:a:python:python:2.7.1150:-:-:-:-:-:x64
  • Python 2.7.2150
    cpe:2.3:a:python:python:2.7.2150
  • Apple Mac OS X 10.10.4
    cpe:2.3:o:apple:mac_os_x:10.10.4
CVSS
Base: 6.4 (as of 30-03-2016 - 14:42)
CWE CWE-189
Access
    Vector NETWORK
    Complexity LOW
    Authentication NONE
Impact
    Confidentiality PARTIAL
    Integrity NONE
    Availability PARTIAL
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_PYTHON_20141120.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a 'buffer' function. (CVE-2014-7185)
    last seen 2018-09-01
    modified 2015-01-19
    plugin id 80750
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80750
    title Oracle Solaris Third-Party Patch Update : python (cve_2014_7185_integer_overflow)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_PYTHON-2014-11-19-141119.NASL
    description Python was updated to fix one security issue : - Potential wraparound/overflow in buffer() (CVE-2014-7185) As an additional hardening measure SSLv2 has been disabled. (bnc#901715)
    last seen 2018-09-01
    modified 2014-11-28
    plugin id 79619
    published 2014-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79619
    title SuSE 11.3 Security Update : Python (SAT Patch Number 9996)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1330.NASL
    description Updated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) These updated python packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. 
For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal : https://access.redhat.com/articles/1495363 All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.
    last seen 2018-09-01
    modified 2018-07-02
    plugin id 85012
    published 2015-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85012
    title CentOS 6 : python (CESA-2015:1330)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1511-1.NASL
    description python, python-base, python-doc was updated to fix one security issue. This security issue was fixed : - Fixed potential buffer overflow in buffer() (CVE-2014-7185). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-31
    plugin id 83646
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83646
    title SUSE SLED12 / SLES12 Security Update : python, python-base, python-doc (SUSE-SU-2014:1511-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1344-1.NASL
    description This update to python 2.7.9 fixes the following issues : - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64 From the version update to 2.7.9 : - contains full backport of ssl module from Python 3.4 (PEP466) - HTTPS certificate validation enabled by default (PEP476) - SSLv3 disabled by default (bnc#901715) - backported ensurepip module (PEP477) - fixes several missing CVEs from last release: CVE-2013-1752, CVE-2013-1753 - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3 - libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional 'import ssl' from test_urllib2_localnet that caused it to fail without ssl - skip test_thread in qemu_linux_user mode From the version update to 2.7.8 : - fixes CVE-2014-4650 directory traversal in CGIHTTPServer - fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer() Also the DH parameters were increased to 2048 bit to fix logjam security issue (bsc#935856) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-07-31
    plugin id 85250
    published 2015-08-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85250
    title SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2015:1344-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-621.NASL
    description An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash. It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory.
    last seen 2018-09-01
    modified 2018-04-18
    plugin id 87347
    published 2015-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87347
    title Amazon Linux AMI : python26 (ALAS-2015-621)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2653-1.NASL
    description It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752) It was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service. (CVE-2013-1753) It was discovered that the Python json module incorrectly handled a certain argument. An attacker could possibly use this issue to read arbitrary memory and expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616) It was discovered that the Python CGIHTTPServer incorrectly handled URL-encoded path separators in URLs. A remote attacker could use this issue to expose sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4650) It was discovered that Python incorrectly handled sizes and offsets in buffer functions. An attacker could possibly use this issue to read arbitrary memory and obtain sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-03
    plugin id 84428
    published 2015-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84428
    title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : python2.7, python3.2, python3.4 vulnerabilities (USN-2653-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1330.NASL
    description From Red Hat Security Advisory 2015:1330 : Updated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) These updated python packages also include numerous bug fixes and enhancements. 
Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal : https://access.redhat.com/articles/1495363 All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.
    last seen 2018-09-01
    modified 2018-07-26
    plugin id 85099
    published 2015-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85099
    title Oracle Linux 6 : python (ELSA-2015-1330)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-11522.NASL
    description Security fix for potential buffer overflow. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2015-10-19
    plugin id 78703
    published 2014-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78703
    title Fedora 19 : python-2.7.5-14.fc19 (2014-11522)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-2101.NASL
    description Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). 
An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108) This update also fixes the following bugs : * Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an 'Invalid argument' error. Subprocesses have been fixed to close the file descriptors only once. (BZ#1103452) * When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout. (BZ#1189301) * The cProfile utility has been fixed to print all values that the '-s' option supports when this option is used without a correct value. (BZ#1237107) * The load_cert_chain() function now accepts 'None' as a keyfile argument. (BZ#1250611) In addition, this update adds the following enhancements : * Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more. (BZ#1111461) * Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library. 
(BZ#1192015) * The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection. (BZ#1259421) All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2018-09-01
    modified 2018-07-03
    plugin id 87129
    published 2015-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87129
    title CentOS 7 : python (CESA-2015:2101)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-2101.NASL
    description From Red Hat Security Advisory 2015:2101 : Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. 
(CVE-2014-7185) A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108) This update also fixes the following bugs : * Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an 'Invalid argument' error. Subprocesses have been fixed to close the file descriptors only once. (BZ#1103452) * When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout. (BZ#1189301) * The cProfile utility has been fixed to print all values that the '-s' option supports when this option is used without a correct value. (BZ#1237107) * The load_cert_chain() function now accepts 'None' as a keyfile argument. (BZ#1250611) In addition, this update adds the following enhancements : * Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more. 
(BZ#1111461) * Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library. (BZ#1192015) * The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection. (BZ#1259421) All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2018-09-02
    modified 2018-07-25
    plugin id 87020
    published 2015-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87020
    title Oracle Linux 7 : python (ELSA-2015-2101)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-075.NASL
    description Updated python packages fix security vulnerabilities : A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_into() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code (CVE-2014-1912). This updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbound readline() calls in the ftplib and nntplib modules (CVE-2013-1752). Denial of service flaws due to unbound readline() calls in the imaplib, poplib, and smtplib modules (CVE-2013-1752). A gzip bomb and unbound read denial of service flaw in python XMLRPC library (CVE-2013-1753). Python is susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616). The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root (CVE-2014-4650). Python before 2.7.8 is vulnerable to an integer overflow in the buffer type (CVE-2014-7185). When Python's standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host. It was possible to configure a trust root to be checked against, however there were no faculties for hostname checking (CVE-2014-9365). The python-pip and tix packages were added due to missing build dependencies.
    last seen 2018-09-01
    modified 2018-08-03
    plugin id 82328
    published 2015-03-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82328
    title Mandriva Linux Security Advisory : python (MDVSA-2015:075)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL78825687.NASL
    description Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a 'buffer' function. (CVE-2014-7185)
    last seen 2018-09-01
    modified 2018-07-11
    plugin id 101913
    published 2017-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101913
    title F5 Networks BIG-IP : Python and Jython vulnerability (K78825687)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-440.NASL
    description It was discovered that Python built-in module CGIHTTPServer does not properly handle URL-encoded path separators in URLs which may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root. (CVE-2014-4650) Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a 'buffer' function. (CVE-2014-7185)
    last seen 2018-09-01
    modified 2018-04-18
    plugin id 78873
    published 2014-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78873
    title Amazon Linux AMI : python27 (ALAS-2014-440)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-2101.NASL
    description Updated python packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). 
An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616) The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365) Note: The Python standard library was updated to make it possible to enable certificate verification by default. However, for backwards compatibility, verification remains disabled by default. Future updates may change this default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219108) This update also fixes the following bugs : * Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an 'Invalid argument' error. Subprocesses have been fixed to close the file descriptors only once. (BZ#1103452) * When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout. (BZ#1189301) * The cProfile utility has been fixed to print all values that the '-s' option supports when this option is used without a correct value. (BZ#1237107) * The load_cert_chain() function now accepts 'None' as a keyfile argument. (BZ#1250611) In addition, this update adds the following enhancements : * Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more. (BZ#1111461) * Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library. 
(BZ#1192015) * The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection. (BZ#1259421) All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2018-09-01
    modified 2018-07-27
    plugin id 86968
    published 2015-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86968
    title RHEL 7 : python (RHSA-2015:2101)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150722_PYTHON_ON_SL6_X.NASL
    description It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)
    last seen 2018-09-02
    modified 2018-08-02
    plugin id 85206
    published 2015-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85206
    title Scientific Linux Security Update : python on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1330.NASL
    description Updated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912) It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650) An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185) These updated python packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. 
For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal : https://access.redhat.com/articles/1495363 All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.
    last seen 2018-09-01
    modified 2018-07-27
    plugin id 84938
    published 2015-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84938
    title RHEL 6 : python (RHSA-2015:1330)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201503-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201503-10 (Python: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2018-09-01
    modified 2018-08-02
    plugin id 82009
    published 2015-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82009
    title GLSA-201503-10 : Python: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-11559.NASL
    description Security fix for potential buffer overflow. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2015-10-19
    plugin id 77998
    published 2014-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77998
    title Fedora 20 : python-2.7.5-14.fc20 (2014-11559)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0098.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates:
- Add Oracle Linux distribution in platform.py [orabug 21288328] (Keshav Sharma)
- Enable use of deepcopy with instance methods Resolves: rhbz#1223037
- Since -libs now provide python-ordered dict, added ordereddict dist-info to site-packages Resolves: rhbz#1199997
- Fix CVE-2014-7185/4650/1912 (CVE-2013-1752) Resolves: rhbz#1206572
- Fix logging module error when multiprocessing module is not initialized Resolves: rhbz#1204966
- Add provides for python-ordereddict Resolves: rhbz#1199997
- Let ConfigParse handle options without values
- Add check phase to specfile, fix and skip relevant failing tests Resolves: rhbz#1031709
- Make Popen.communicate catch EINTR error Resolves: rhbz#1073165
- Add choices for sort option of cProfile for better output Resolves: rhbz#1160640
- Make multiprocessing ignore EINTR Resolves: rhbz#1180864
- Fix iteration over files with very long lines Resolves: rhbz#794632
- Fix subprocess.Popen.communicate being broken by SIGCHLD handler. Resolves: rhbz#1065537
- Rebuild against latest valgrind-devel. Resolves: rhbz#1142170
- Bump release up to ensure proper upgrade path. Related: rhbz#958256
- Fix multilib dependencies. Resolves: rhbz#958256
    last seen 2018-09-01
    modified 2018-07-24
    plugin id 85139
    published 2015-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85139
    title OracleVM 3.3 : python (OVMSA-2015-0098)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151119_PYTHON_ON_SL7_X.NASL
    description It was discovered that the Python xmlrpclib module did not restrict the size of gzip-compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory. (CVE-2013-1753)
It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)
It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)
An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)
A flaw was found in the way the json module handled negative index arguments passed to certain functions (such as raw_decode()). An attacker able to control the index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory. (CVE-2014-4616)
The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)
This update also fixes the following bugs:
- Subprocesses used with the Eventlet library or regular threads previously tried to close epoll file descriptors twice, which led to an 'Invalid argument' error. Subprocesses have been fixed to close the file descriptors only once.
- When importing the readline module from a Python script, Python no longer produces erroneous random characters on stdout.
- The cProfile utility has been fixed to print all values that the '-s' option supports when this option is used without a correct value.
- The load_cert_chain() function now accepts 'None' as a keyfile argument.
In addition, this update adds the following enhancements:
- Security enhancements as described in PEP 466 have been backported to the Python standard library, for example, new features of the ssl module: Server Name Indication (SNI) support, support for new TLSv1.x protocols, new hash algorithms in the hashlib module, and many more.
- Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl library.
- The ssl.SSLSocket.version() method is now available to access information about the version of the SSL protocol used in a connection.
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 87570
    published 2015-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87570
    title Scientific Linux Security Update : python on SL7.x x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-588.NASL
    description - CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow in buffer() (CVE-2014-7185, bnc#898572)
    last seen 2018-09-01
    modified 2014-10-15
    plugin id 78453
    published 2014-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78453
    title openSUSE Security Update : python (openSUSE-SU-2014:1292-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-197.NASL
    description Updated python packages fix security vulnerability : Python before 2.7.8 is vulnerable to an integer overflow in the buffer type (CVE-2014-7185).
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 78613
    published 2014-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78613
    title Mandriva Linux Security Advisory : python (MDVSA-2014:197)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_10_5.NASL
    description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple ID OD Plug-in - AppleGraphicsControl - Bluetooth - bootp - CloudKit - CoreMedia Playback - CoreText - curl - Data Detectors Engine - Date & Time pref pane - Dictionary Application - DiskImages - dyld - FontParser - groff - ImageIO - Install Framework Legacy - IOFireWireFamily - IOGraphics - IOHIDFamily - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - mail_cmds - Notification Center OSX - ntfs - OpenSSH - OpenSSL - perl - PostgreSQL - python - QL Office - Quartz Composer Framework - Quick Look - QuickTime 7 - SceneKit - Security - SMBClient - Speech UI - sudo - tcpdump - Text Formats - udf Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen 2018-09-02
    modified 2018-07-16
    plugin id 85408
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85408
    title Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities
redhat via4
advisories
  • bugzilla
    id 1223037
    title Python raises exception on deepcopy of instance methods
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment python is earlier than 0:2.6.6-64.el6
          oval oval:com.redhat.rhsa:tst:20151330011
        • comment python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554008
      • AND
        • comment python-devel is earlier than 0:2.6.6-64.el6
          oval oval:com.redhat.rhsa:tst:20151330013
        • comment python-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554010
      • AND
        • comment python-libs is earlier than 0:2.6.6-64.el6
          oval oval:com.redhat.rhsa:tst:20151330007
        • comment python-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554014
      • AND
        • comment python-test is earlier than 0:2.6.6-64.el6
          oval oval:com.redhat.rhsa:tst:20151330015
        • comment python-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554016
      • AND
        • comment python-tools is earlier than 0:2.6.6-64.el6
          oval oval:com.redhat.rhsa:tst:20151330009
        • comment python-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554012
      • AND
        • comment tkinter is earlier than 0:2.6.6-64.el6
          oval oval:com.redhat.rhsa:tst:20151330005
        • comment tkinter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554018
    rhsa
    id RHSA-2015:1330
    released 2015-07-22
    severity Moderate
    title RHSA-2015:1330: python security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 1259421
    title Backport SSLSocket.version() to python 2.7.5
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment python is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101005
        • comment python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554008
      • AND
        • comment python-debug is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101015
        • comment python-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152101016
      • AND
        • comment python-devel is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101017
        • comment python-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554010
      • AND
        • comment python-libs is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101013
        • comment python-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554014
      • AND
        • comment python-test is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101009
        • comment python-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554016
      • AND
        • comment python-tools is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101007
        • comment python-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554012
      • AND
        • comment tkinter is earlier than 0:2.7.5-34.el7
          oval oval:com.redhat.rhsa:tst:20152101011
        • comment tkinter is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110554018
    rhsa
    id RHSA-2015:2101
    released 2015-06-25
    severity Moderate
    title RHSA-2015:2101: python security, bug fix, and enhancement update (Moderate)
  • rhsa
    id RHSA-2015:1064
rpms
  • python-0:2.6.6-64.el6
  • python-devel-0:2.6.6-64.el6
  • python-libs-0:2.6.6-64.el6
  • python-test-0:2.6.6-64.el6
  • python-tools-0:2.6.6-64.el6
  • tkinter-0:2.6.6-64.el6
  • python-0:2.7.5-34.el7
  • python-debug-0:2.7.5-34.el7
  • python-devel-0:2.7.5-34.el7
  • python-libs-0:2.7.5-34.el7
  • python-test-0:2.7.5-34.el7
  • python-tools-0:2.7.5-34.el7
  • tkinter-0:2.7.5-34.el7
refmap via4
apple APPLE-SA-2015-08-13-2
bid 70089
confirm
fedora FEDORA-2014-11559
gentoo GLSA-201503-10
mlist
  • [oss-security] 20140923 CVE Request: Python 2.7
  • [oss-security] 20140925 Re: CVE Request: Python 2.7
suse openSUSE-SU-2014:1292
xf python-bufferobject-overflow(96193)
Last major update 14-10-2016 - 21:59
Published 08-10-2014 - 13:55
Last modified 04-01-2018 - 21:29