CVE-2011-1015 – (CGIHTTPServer): CGI script source code disclosure
https://notcve.org/view.php?id=CVE-2011-1015
The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI. El método is_cgi en CGIHTTPServer.py del módulo CGIHTTPServer en Python v2.5,v2.6 y v3.0 permite a atacantes remotos leer el código fuente de los scripts a través de una solicitud HTTP GET que carece de una / ( barra) de caracteres al principio de la URI. • http://bugs.python.org/issue2254 http://hg.python.org/cpython/rev/c6c4398293bd http://openwall.com/lists/oss-security/2011/02/23/27 http://openwall.com/lists/oss-security/2011/02/24/10 http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http://securitytracker.com/id?1025489 http://svn.python.org/view?view=revision&revision=71303 http://www.mandriva.com/security/advisories?name=MDVSA-2011:096 http://www.securityfo • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-3492
https://notcve.org/view.php?id=CVE-2010-3492
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. El módulo asyncore en Python anterior a v3.2 no controla correctamente llamadas fallidas a la función accept, y no tiene la documentación adjunta que describa cómo las aplicaciones demonio atienden las llamadas sin éxito a la función accept, lo cual facilita a atacantes remotos realizar ataques de denegación de servicio que terminan estas aplicaciones a través de conexiones de red. • http://bugs.python.org/issue6706 http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 http://www.mandriva.com/security/advisories?name=MDVSA-2010:216 http://www.openwall.com/lists/oss-security/2010/09/09/6 http://www.openwall.com/lists/oss-security/2010/09/11/2 http://www.openwall.com/lists/oss-security/2010/09/22/3 http://www.openwall.com/lists/oss-security/2010/09/24/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Ad •
CVE-2010-3493 – Python: SMTP proxy RFC 2821 module DoS (uncaught exception) (Issue #9129)
https://notcve.org/view.php?id=CVE-2010-3493
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. Múltiples condiciones de carrera en smtpd.py en el módulo smtpd in Python v2.6, v2.7, v3.1 y v3.2 alpha permite a atacantes remotos provocar una denegación de servicio (agotamiento de demonio)por establecimiento e inmediatamente cerrando una conexión TCP, llevando la función accept a devolver un valor inesperado de None, un valor inesperado de None para la dirección, o un error ECONNABORTED, EAGAIN, o EWOULDBLOCK, o la función getpeername teniendo un error ENOTCONN, tema relacionado con CVE-2010-3492. • http://bugs.python.org/issue6706 http://bugs.python.org/issue9129 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289 http://svn.python.org/view?v • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2010-1450 – python: rgbimg: multiple security issues
https://notcve.org/view.php?id=CVE-2010-1450
Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function. Múltiples desbordamientos de búfer en el decodificador RLE en el módulo rgbimg en Python v2.5 permite a atacantes remotos tener un impacto sin especificar a través de fichero de imagen que contiene datos manipulados que lanza un procesado inapropiado dentro de la función (1) longimagedata o (2) expandrow. • http://bugs.python.org/issue8678 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42888 http://secunia.com/advisories/43068 http://secunia.com/advisories/43364 http://support.apple.com/kb/HT4435 http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 http://www.redhat.com/support/errata/RHSA-2011-0027.html http://www.redhat.com/support/err • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2010-1634 – python: audioop: incorrect integer overflow checks
https://notcve.org/view.php?id=CVE-2010-1634
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. Múltiples desbordamientos de entero en audioop.c en el módulo audioop en Python v2.6, v2.7, v3.1 y v3.2, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída de aplicación) a través de un fragmento largo, como se ha demostrado mediante una llamada audiolop.lin2lin con una cadena larga en el primer argumento, llevando a cabo un desbordamiento de búfer. NOTA: esta vulnerabilidad existe por un incorrecto parcheado para la CVE-2008-3143.5. • http://bugs.python.org/issue8674 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/39937 http://secunia.com/advisories/40194 http://secunia.com/advisories/42888 http://secunia.com/advisories/43068 http://sec • CWE-190: Integer Overflow or Wraparound •