Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : python-django vulnerabilities (USN-1757-1)

Ubuntu Security Notice (C) 2013-2016 Canonical, Inc. / NASL script (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

James Kettle discovered that Django did not properly filter the Host
HTTP header when processing certain requests. An attacker could
exploit this to generate and display arbitrary URLs to users. Although
this issue had been previously addressed in USN-1632-1, this update
adds additional hardening measures to host header validation. This
update also adds a new ALLOWED_HOSTS setting that can be set to a list
of acceptable values for headers. (CVE-2012-4520)

Orange Tsai discovered that Django incorrectly performed permission
checks when displaying the history view in the admin interface. An
administrator could use this flaw to view the history of any object,
regardless of intended permissions. (CVE-2013-0305)

It was discovered that Django incorrectly handled a large number of
forms when generating formsets. An attacker could use this flaw to
cause Django to consume memory, resulting in a denial of service.
(CVE-2013-0306)

It was discovered that Django incorrectly deserialized XML. An
attacker could use this flaw to perform entity-expansion and
external-entity/DTD attacks. This updated modified Django behaviour to
no longer allow DTDs, perform entity expansion, or fetch external
entities/DTDs. (CVE-2013-1664, CVE-2013-1665).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected python-django package.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 65096 ()

Bugtraq ID: 56146
58022
58061

CVE ID: CVE-2012-4520
CVE-2013-0305
CVE-2013-0306
CVE-2013-1664
CVE-2013-1665

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial