Amazon Linux 2 : python38 (ALASPYTHON3.8-2024-016)

high Nessus Plugin ID 210923

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of python38 installed on the remote host is prior to 3.8.20-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PYTHON3.8-2024-016 advisory.

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. (CVE-2007-4559)

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." (CVE-2021-28861)

A defect was discovered in the Python ssl module where there is a memory race condition with the ssl.SSLContext methods cert_store_stats() and get_ca_certs(). The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5. (CVE-2024-0397)

An issue was found in the CPython `zipfile` module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior.

The zipfile module is vulnerable to quoted-overlap zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython make the zipfile module reject zip archives which overlap entries in the archive. (CVE-2024-0450)

The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as globally reachable or private. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn't be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.

CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior. (CVE-2024-4032)

There is a MEDIUM severity vulnerability affecting CPython.

Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. (CVE-2024-6232)

There is a MEDIUM severity vulnerability affecting CPython.

The email module didn't properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. (CVE-2024-6923)

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module.

When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. (CVE-2024-7592)

There is a severity vulnerability affecting the CPython zipfile module.

When iterating over names of entries in a zip archive (for example, methods of zipfile.ZipFile like namelist(), iterdir(), extractall(), etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected. (CVE-2024-8088)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update python38' to update your system.

See Also

https://alas.aws.amazon.com/faqs.html

https://alas.aws.amazon.com/cve/html/CVE-2024-0450.html

https://alas.aws.amazon.com/cve/html/CVE-2024-0397.html

https://alas.aws.amazon.com/cve/html/CVE-2007-4559.html

https://alas.aws.amazon.com/cve/html/CVE-2021-28861.html

https://alas.aws.amazon.com/cve/html/CVE-2024-4032.html

https://alas.aws.amazon.com/cve/html/CVE-2024-6232.html

https://alas.aws.amazon.com/cve/html/CVE-2024-6923.html

https://alas.aws.amazon.com/cve/html/CVE-2024-7592.html

https://alas.aws.amazon.com/cve/html/CVE-2024-8088.html

https://alas.aws.amazon.com/AL2/ALASPYTHON3.8-2024-016.html

Plugin Details

Severity: High

ID: 210923

File Name: al2_ALASPYTHON3_8-2024-016.nasl

Version: 1.2

Type: local

Agent: unix

Published: 11/13/2024

Updated: 11/14/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2007-4559

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-28861

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 7.7

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2024-8088

Vulnerability Information

CPE: cpe:/o:amazon:linux:2, p-cpe:/a:amazon:linux:python38, p-cpe:/a:amazon:linux:python38-debug, p-cpe:/a:amazon:linux:python38-debuginfo, p-cpe:/a:amazon:linux:python38-devel, p-cpe:/a:amazon:linux:python38-libs, p-cpe:/a:amazon:linux:python38-test, p-cpe:/a:amazon:linux:python38-tools, p-cpe:/a:amazon:linux:python38-tkinter

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/8/2024

Vulnerability Publication Date: 8/27/2007

Reference Information

CVE: CVE-2007-4559, CVE-2021-28861, CVE-2024-0397, CVE-2024-0450, CVE-2024-4032, CVE-2024-6232, CVE-2024-6923, CVE-2024-7592, CVE-2024-8088