The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2015:2101-1 advisory.

  - The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to     cause a denial of service (memory consumption) via a crafted HTTP request. (CVE-2013-1753)

  - Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson     before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index     value in the idx argument to the raw_decode function. (CVE-2014-4616)

  - The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is     used for path separators, which allows remote attackers to read script source code or conduct directory     traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f     separator. (CVE-2014-4650)

  - Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain     sensitive information from process memory via a large size and offset in a buffer function.
    (CVE-2014-7185)

  - The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka     Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the     certificate against a trust store or verify that the server hostname matches a domain name in the     subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-     middle attackers to spoof SSL servers via an arbitrary valid certificate. (CVE-2014-9365)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Scientific Linux Security Update : python on 7.x i686/x86_64 (2015:2101)

critical Nessus Plugin ID 87570

Version 2.8