Scientific Linux Security Update : python on SL6.x i386/x86_64

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

It was discovered that the socket.recvfrom_into() function failed to
check the size of the supplied buffer. This could lead to a buffer
overflow when the function was called with an insufficiently sized
buffer. (CVE-2014-1912)

It was discovered that multiple Python standard library modules
implementing network protocols (such as httplib or smtplib) failed to
restrict the sizes of server responses. A malicious server could cause
a client using one of the affected modules to consume an excessive
amount of memory. (CVE-2013-1752)

It was discovered that the CGIHTTPServer module incorrectly handled
URL encoded paths. A remote attacker could use this flaw to execute
scripts outside of the cgi-bin directory, or disclose the source code
of the scripts in the cgi-bin directory. (CVE-2014-4650)

An integer overflow flaw was found in the way the buffer() function
handled its offset and size arguments. An attacker able to control
these arguments could use this flaw to disclose portions of the
application memory or cause it to crash. (CVE-2014-7185)

See also :

http://www.nessus.org/u?aebee312

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 85206

Bugtraq ID:

CVE ID: CVE-2013-1752
CVE-2014-1912
CVE-2014-4650
CVE-2014-7185
