Информационная безопасность
[RU] switch to English

Многочисленные уязвимости безопасности в python
дополнено с 9 июля 2012 г.
Опубликовано:29 июля 2012 г.
SecurityVulns ID:12454
Уровень опасности:
Описание:DoS, межсайтовый сркиптинг, утечка информации.
Затронутые продукты:PYTHOH : python 2.7
CVE:CVE-2012-2417 (PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.)
 CVE-2012-1150 (Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.)
 CVE-2012-0845 (SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header.)
 CVE-2011-4944 (Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.)
 CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2012:117 ] python-pycrypto (29.07.2012)
 documentMANDRIVA, [ MDVSA-2012:096-1 ] python (09.07.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород