CVE-2005-0089
CVSS7.5
发布时间 :2005-05-02 00:00:00
修订时间 :2016-10-17 23:07:46
NMCOPS    

[原文]The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.


[CNNVD]Python SimpleXMLRPCServer模块安全漏洞(CNNVD-200505-304)

        Python是一种开放源代码的强大功能的脚本编程语言。
        Python的SimpleXMLRPCServer模块存在缺陷,远程攻击者可以利用这个漏洞访问和更改函数内部。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:python_software_foundation:python:2.3.1
cpe:/a:python_software_foundation:python:2.3.2
cpe:/a:python_software_foundation:python:2.4
cpe:/a:python_software_foundation:python:2.3.3
cpe:/a:python_software_foundation:python:2.3.4
cpe:/a:python_software_foundation:python:2.3
cpe:/a:python_software_foundation:python:2.2

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9811Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaus...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0089
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0089
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-304
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=110746469728728&w=2
(UNKNOWN)  BUGTRAQ  20050203 Python Security Advisory PSF-2005-001 - SimpleXMLRPCServer.py
http://python.org/security/PSF-2005-001/patch-2.2.txt
(PATCH)  CONFIRM  http://python.org/security/PSF-2005-001/patch-2.2.txt
http://securitytracker.com/id?1013083
(UNKNOWN)  SECTRACK  1013083
http://www.debian.org/security/2005/dsa-666
(PATCH)  DEBIAN  DSA-666
http://www.mandriva.com/security/advisories?name=MDKSA-2005:035
(UNKNOWN)  MANDRAKE  MDKSA-2005:035
http://www.python.org/security/PSF-2005-001/
(PATCH)  CONFIRM  http://www.python.org/security/PSF-2005-001/
http://www.redhat.com/support/errata/RHSA-2005-108.html
(UNKNOWN)  REDHAT  RHSA-2005:108
http://www.securityfocus.com/bid/12437
(UNKNOWN)  BID  12437
http://www.trustix.org/errata/2005/0003/
(UNKNOWN)  TRUSTIX  2005-0003
http://xforce.iss.net/xforce/xfdb/19217
(UNKNOWN)  XF  python-simplexmlrpcserver-bypass(19217)

- 漏洞信息

Python SimpleXMLRPCServer模块安全漏洞
高危 访问验证错误
2005-05-02 00:00:00 2005-10-20 00:00:00
远程  
        Python是一种开放源代码的强大功能的脚本编程语言。
        Python的SimpleXMLRPCServer模块存在缺陷,远程攻击者可以利用这个漏洞访问和更改函数内部。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://security.ubuntu.com/ubuntu/pool/main/p/python2.2/python2.2_2.2.3-10ubuntu0.1.diff.gz" target="_blank

- 漏洞信息 (F36023)

PSF-2005-001.txt (PacketStormID:F36023)
2005-02-05 00:00:00
 
advisory,remote,python
CVE-2005-0089
[点击下载]

Python Security Advisory PSF-2005-001 - The Python development team has discovered a flaw in the SimpleXMLRPCServer library module which can give remote attackers access to internals of the registered object or its module or possibly other modules. Versions affected: 2.2 all versions, 2.3 prior to 2.3.5, 2.4.

http://www.python.org/security/PSF-2005-001/

---------------------------------------------------------------------
Python Security Advisory

Advisory ID:  PSF-2005-001
Issue Date:   February 3, 2005
Product:      Python
Versions:     2.2 all versions, 2.3 prior to 2.3.5, 2.4
CVE Names:    CAN-2005-0089
---------------------------------------------------------------------

Python is an interpreted, interactive, object-oriented programming
language. It is often compared to Tcl, Perl, Scheme or Java.

The Python development team has discovered a flaw in the
SimpleXMLRPCServer library module which can give remote attackers
access to internals of the registered object or its module or possibly
other modules.  The flaw only affects Python XML-RPC servers that use
the register_instance() method to register an object without a
_dispatch() method.  Servers using only register_function() are not
affected.

On vulnerable XML-RPC servers, a remote attacker may be able to view
or modify globals of the module(s) containing the registered
instance's class(es), potentially leading to data loss or arbitrary
code execution.  If the registered object is a module, the danger is
particularly serious.  For example, if the registered module imports
the os module, an attacker could invoke the os.system() function.

But the attack is not limited to registered object modules; for
example, the code in the Python cookbook recipe at
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/165375 is
vulnerable to an attack using im_func.func_globals.update which allows
reading or modifying the global variable accessList.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0089 to this issue.

Python 2.3.5 will be released from www.python.org within a few days
containing a fix for this issue.  Python 2.4.1 will be released later
this month containing the same fix.  Patches for Python 2.2, 2.3 and
2.4 are also immediately available:

- http://python.org/security/PSF-2005-001/patch-2.2.txt (Python 2.2)

- http://python.org/security/PSF-2005-001/patch.txt (Python 2.3, 2.4)

Note that these patches disable recursive traversal, potentially
resulting in reduced functionality of XML-RPC applications depending
on this feature.

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)
    

- 漏洞信息

13468
Python SimpleXMLRPCServer Library Module Registered Object Access

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-02-03 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Python SimpleXMLRPCServer Library Module Unauthorized Access Vulnerability
Access Validation Error 12437
Yes No
2005-02-03 12:00:00 2009-07-12 10:06:00
The Python development team is responsible for the discovery of this issue.

- 受影响的程序版本

Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux 8.0
Slackware Linux -current
SGI ProPack 3.0
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3.4
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.3.3
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.3.2
Python Software Foundation Python 2.3.1
Python Software Foundation Python 2.3 b1
Python Software Foundation Python 2.3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.2.3
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.2.2
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.2
+ RedHat Linux 7.3
+ RedHat Linux 7.3
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. Linux Personal 8.2
Python Software Foundation Python 2.2.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ S.u.S.E. Linux 8.1
Python Software Foundation Python 2.2
+ Conectiva Linux 8.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
Gentoo Linux
Python Software Foundation Python 2.4.1
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3.5

- 不受影响的程序版本

Python Software Foundation Python 2.4.1
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3.5

- 漏洞讨论

A remote unauthorized access vulnerability affects Python. This issue is due to a failure of the API to properly secure access to sensitive internal data or functionality of registered objects and modules.

A remote attacker may leverage this issue to gain unauthorized access to an affected computer. Other attacks are also possible.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

The vendor has reported that this issue will be resolved with the pending release of Python versions 2.3.5 and 2.4.1. The vendor has provided the following patches for immediate relief.

Slackware Linux has released advisory SSA:2005-111-02 along with fixes dealing with this issue. Please see the referenced advisory for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:005) that contains information regarding the availability of fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Ubuntu linux has released advisory USN-73-1 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Debian has released advisory DSA 666-1 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Gentoo Linux has released advisory GLSA 200502-09 dealing with this
issue. All Python users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose dev-lang/python

Mandrake has released advisory MDKSA-2005:035 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Trustix has released advisory TSLSA-2005-0003 to address various issues in multiple products. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2005:109-04 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

SuSE Linux has released updates dealing with these issues. Please see the web references for more information.

SGI has released advisory 20050207-01-U including Patch 10144 that contains updated SGI ProPack 3 Service Pack 4 RPMs for the SGI Altix products. This patch addresses various issues. Please see the referenced advisory for more information.


Python Software Foundation Python 2.2

Python Software Foundation Python 2.2.1

Python Software Foundation Python 2.2.2

Python Software Foundation Python 2.2.3

Python Software Foundation Python 2.3

Python Software Foundation Python 2.3.1

Python Software Foundation Python 2.3.2

Python Software Foundation Python 2.3.3

Python Software Foundation Python 2.3.4

Python Software Foundation Python 2.4

SGI ProPack 3.0

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站