NewStart CGSL MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0008)

High Nessus Plugin ID 127154

Synopsis

The remote machine is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities:

- Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. (CVE-2007-4965)

- Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context- dependent attackers to defeat cryptographic digests, related to partial hashlib hashing of data exceeding 4GB. (CVE-2008-2316)

- Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. (CVE-2008-5983)

- Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context- dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. (CVE-2010-1634)

- The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one- byte string, a different vulnerability than CVE-2010-1634. (CVE-2010-2089)

- The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in- the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. (CVE-2013-4238)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL python packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

http://security.gd-linux.com/notice/NS-SA-2019-0008

Plugin Details

Severity: High

ID: 127154

File Name: newstart_cgsl_NS-SA-2019-0008_python.nasl

Version: 1.3

Type: local

Published: 2019/08/12

Updated: 2019/09/24

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS Score Source: CVE-2008-2316

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2019/07/17

Vulnerability Publication Date: 2007/09/18

Reference Information

CVE: CVE-2007-4965, CVE-2008-2316, CVE-2008-5983, CVE-2010-1634, CVE-2010-2089, CVE-2013-4238

CWE: 189