what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2011-4940

Status Candidate

Overview

CVE-2011-4940 python: potential XSS in SimpleHTTPServer's list_directory()

Related Files

Ubuntu Security Notice USN-1613-2
Posted Oct 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1613-2 - USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4. It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2008-5983, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1148, CVE-2008-5983, CVE-2010-1634, CVE-2010-2089, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1148
SHA-256 | 03c1d61f1a7fd46df33c2cd303dd9df766d417bf63c2774bc68e006f265282de
Ubuntu Security Notice USN-1613-1
Posted Oct 18, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1613-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, python
systems | linux, ubuntu
advisories | CVE-2008-5983, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1148, CVE-2008-5983, CVE-2010-1634, CVE-2010-2089, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1148
SHA-256 | c13b76291797c5dc6f6323302b6fdfb272dd24cd1b617c855c76a194beaf1ed9
Ubuntu Security Notice USN-1596-1
Posted Oct 5, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1596-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, python
systems | linux, ubuntu
advisories | CVE-2008-5983, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150, CVE-2008-5983, CVE-2010-1634, CVE-2010-2089, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150
SHA-256 | c495413874c5d26f485eefb38fa84c7fd4732958d09a9fc3895bb38badc75820
Ubuntu Security Notice USN-1592-1
Posted Oct 2, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1592-1 - Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. It was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, xss
systems | linux, ubuntu
advisories | CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150, CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150
SHA-256 | 165afa6d34f225319c4c04de9f89e067f082131a627aa45b978829b0872fee6a
Mandriva Linux Security Advisory 2012-096-1
Posted Jul 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities has been discovered and corrected in python. The _ssl module would always disable the CBC IV attack countermeasure. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. An attacker able to upload a file with a specially-crafted name to a server could possibly perform a cross-site scripting attack against victims visiting a listing page generated by SimpleHTTPServer, for a directory containing the crafted file. A race condition was found in the way the Python distutils module set file permissions during the creation of the.pypirc file. Various other issues were also addressed.

tags | advisory, vulnerability, xss, python
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150
SHA-256 | 6519f45b66e8e91380ebd2fe36730ada9b3c9fe8a02948e6fcc43d7e69bb6a64
Mandriva Linux Security Advisory 2012-096
Posted Jun 21, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-096 - Multiple vulnerabilities has been discovered and corrected in python. A flaw was found in the way the Python SimpleHTTPServer module generated directory listings. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. Various other issues have also been addressed. The updated packages have been patched to correct these issues.

tags | advisory, vulnerability, python
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150
SHA-256 | a875f61d4323d9bd3fdd15f37616b7c52da1e10355b2f976bd21d77e7714133c
Red Hat Security Advisory 2012-0745-01
Posted Jun 18, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0745-01 - Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2011-4940, CVE-2011-4944, CVE-2012-1150
SHA-256 | 9b589376b7c9062ad24b4f8af937559408735d4b1c8f000fdf908cd9cd6cd8c1
Red Hat Security Advisory 2012-0744-01
Posted Jun 18, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0744-01 - Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150
SHA-256 | 0195e7d2a58a603b9f9e924879d940296b0663a33117c68a1367cbbdbd34a945
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close