The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.

Python Django was updated to fix several security issues.

CVE-2012-3442: Cross-site scripting in authentication views CVE-2012-3443: Denial-of-service in image validation CVE-2012-3444:
Denial-of-service via get_image_dimensions()

It was discovered that Django incorrectly validated the scheme of a redirect target. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2012-3442)

It was discovered that Django incorrectly handled validating certain images. A remote attacker could use this flaw to cause the server to consume memory, leading to a denial of service. (CVE-2012-3443)

Jeroen Dekkers discovered that Django incorrectly handled certain image dimensions. A remote attacker could use this flaw to cause the server to consume resources, leading to a denial of service.
(CVE-2012-3444).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple vulnerabilities has been discovered and corrected in python-django :

The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL (CVE-2012-3442).

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file (CVE-2012-3443).

The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image (CVE-2012-3444).

The updated packages have been upgraded to the 1.3.3 version which is not vulnerable to these issues.

Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework. The Common Vulnerabilities and Exposures project defines the following issues :

  - CVE-2012-3442     Two functions do not validate the scheme of a redirect     target, which might allow remote attackers to conduct     cross-site scripting (XSS) attacks via a data: URL.

  - CVE-2012-3443     The ImageField class completely decompresses image data     during image validation, which allows remote attackers     to cause a denial of service (memory consumption) by     uploading an image file.

  - CVE-2012-3444     The get_image_dimensions function in the image-handling     functionality uses a constant chunk size in all attempts     to determine dimensions, which allows remote attackers     to cause a denial of service (process or thread     consumption) via a large TIFF image.

security release https://www.djangoproject.com/weblog/2012/jul/30/security-releases-iss ued/

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The Django project reports :

Today the Django team is issuing multiple releases -- Django 1.3.2 and Django 1.4.1 -- to remedy security issues reported to us :

- Cross-site scripting in authentication views

- Denial-of-service in image validation

- Denial-of-service via get_image_dimensions()

All users are encouraged to upgrade Django immediately.

ID	Name	Product	Family	Severity
74704	openSUSE Security Update : python-django (openSUSE-SU-2012:0970-1)	Nessus	SuSE Local Security Checks	medium
62038	Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : python-django vulnerabilities (USN-1560-1)	Nessus	Ubuntu Local Security Checks	medium
61988	Mandriva Linux Security Advisory : python-django (MDVSA-2012:143)	Nessus	Mandriva Local Security Checks	medium
61538	Debian DSA-2529-1 : python-django - several vulnerabilities	Nessus	Debian Local Security Checks	medium
61500	Fedora 16 : Django-1.3.2-1.fc16 (2012-11416)	Nessus	Fedora Local Security Checks	medium
61499	Fedora 17 : Django-1.4.1-1.fc17 (2012-11415)	Nessus	Fedora Local Security Checks	medium
61375	FreeBSD : django -- multiple vulnerabilities (f01292a0-db3c-11e1-a84b-00e0814cab4e)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2012-3444

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium