CVE-2011-1015 – (CGIHTTPServer): CGI script source code disclosure
https://notcve.org/view.php?id=CVE-2011-1015
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. El método is_cgi en CGIHTTPServer.py del módulo CGIHTTPServer en Python v2.5,v2.6 y v3.0 permite a atacantes remotos leer el código fuente de los scripts a través de una solicitud HTTP GET que carece de una / ( barra) de caracteres al principio de la URI. • http://bugs.python.org/issue2254 http://hg.python.org/cpython/rev/c6c4398293bd http://openwall.com/lists/oss-security/2011/02/23/27 http://openwall.com/lists/oss-security/2011/02/24/10 http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http://securitytracker.com/id?1025489 http://svn.python.org/view?view=revision&revision=71303 http://www.mandriva.com/security/advisories?name=MDVSA-2011:096 http://www.securityfo • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-3492
https://notcve.org/view.php?id=CVE-2010-3492
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. El módulo asyncore en Python anterior a v3.2 no controla correctamente llamadas fallidas a la función accept, y no tiene la documentación adjunta que describa cómo las aplicaciones demonio atienden las llamadas sin éxito a la función accept, lo cual facilita a atacantes remotos realizar ataques de denegación de servicio que terminan estas aplicaciones a través de conexiones de red. • http://bugs.python.org/issue6706 http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 http://www.mandriva.com/security/advisories?name=MDVSA-2010:216 http://www.openwall.com/lists/oss-security/2010/09/09/6 http://www.openwall.com/lists/oss-security/2010/09/11/2 http://www.openwall.com/lists/oss-security/2010/09/22/3 http://www.openwall.com/lists/oss-security/2010/09/24/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Ad •
CVE-2010-3493 – Python: SMTP proxy RFC 2821 module DoS (uncaught exception) (Issue #9129)
https://notcve.org/view.php?id=CVE-2010-3493
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. Múltiples condiciones de carrera en smtpd.py en el módulo smtpd in Python v2.6, v2.7, v3.1 y v3.2 alpha permite a atacantes remotos provocar una denegación de servicio (agotamiento de demonio)por establecimiento e inmediatamente cerrando una conexión TCP, llevando la función accept a devolver un valor inesperado de None, un valor inesperado de None para la dirección, o un error ECONNABORTED, EAGAIN, o EWOULDBLOCK, o la función getpeername teniendo un error ENOTCONN, tema relacionado con CVE-2010-3492. • http://bugs.python.org/issue6706 http://bugs.python.org/issue9129 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289 http://svn.python.org/view?v • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2010-1634 – python: audioop: incorrect integer overflow checks
https://notcve.org/view.php?id=CVE-2010-1634
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. Múltiples desbordamientos de entero en audioop.c en el módulo audioop en Python v2.6, v2.7, v3.1 y v3.2, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída de aplicación) a través de un fragmento largo, como se ha demostrado mediante una llamada audiolop.lin2lin con una cadena larga en el primer argumento, llevando a cabo un desbordamiento de búfer. NOTA: esta vulnerabilidad existe por un incorrecto parcheado para la CVE-2008-3143.5. • http://bugs.python.org/issue8674 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/39937 http://secunia.com/advisories/40194 http://secunia.com/advisories/42888 http://secunia.com/advisories/43068 http://sec • CWE-190: Integer Overflow or Wraparound •
CVE-2010-2089 – Python 3.2 - 'audioop' Module Memory Corruption
https://notcve.org/view.php?id=CVE-2010-2089
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. El módulo audioop en Python v2.7 y v3.2 no verifica las relaciones entre tamaños de argumentos y longitud de cadenas de byte, lo que permite a atacantes de contexto causar una denegación de servicio (corrupción de memoria y caída de programa) a través de argumentos manipulados, como queda demostrado por una llamada a audioop.reverse con una cadena de un byte, una vulnerabilidad diferente que CVE-2010-1634. • https://www.exploit-db.com/exploits/34145 http://bugs.python.org/issue7673 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40194 http://secunia.com/advisories/42888 http://secunia.com/advisories/43068 http:& • CWE-787: Out-of-bounds Write •