Vulnerability Name: CVE-2005-0089 (CCN-19217)

Assigned: 2005-02-03
Published: 2005-02-03
Updated: 2023-08-02
Summary:
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
CVSS v2 Severity: 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
Vulnerability Consequences: Bypass Security
References:
Source: CCN
Type: Python Security Advisory PSF-2005-001
SimpleXMLRPCServer.py

Source: MITRE
Type: CNA
CVE-2005-0089

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link, Patch
cve@mitre.org

Source: CCN
Type: RHSA-2005-108
python security update

Source: CCN
Type: RHSA-2005-109
python security update

Source: CCN
Type: SA14128
Python SimpleXMLRPCServer Library Module Vulnerability

Source: CCN
Type: SECTRACK ID: 1013083
Python SimpleXMLRPCServer May Let Remote Users Access Internal Data or Execute Arbitrary Code

Source: cve@mitre.org
Type: Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org

Source: CCN
Type: CIAC Information Bulletin P-121
Python XML-RPC Server Vulnerability

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: DEBIAN
Type: DSA-666
python2.2 -- design flaw

Source: CCN
Type: GLSA-200502-09
Python: Arbitrary code execution through SimpleXMLRPCServer

Source: cve@mitre.org
Type: Broken Link, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link, Patch, Vendor Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: BID-12437
Python SimpleXMLRPCServer Library Module Unauthorized Access Vulnerability

Source: cve@mitre.org
Type: Third Party Advisory, VDB Entry
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: TLSA-2005-36
Python SimpleXMLRPCServer library module vulnerability

Source: CCN
Type: USN-73-1
Python vulnerability

Source: cve@mitre.org
Type: VDB Entry
cve@mitre.org

Source: XF
Type: UNKNOWN
python-simplexmlrpcserver-bypass(19217)

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: SUSE
Type: SUSE-SR:2005:005
SUSE Security Summary Report

Vulnerable Configuration:
Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:python:python:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20050089 | V | CVE-2005-0089 | 2015-11-16
oval:org.mitre.oval:def:9811 | V | Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. | 2013-04-29
oval:com.redhat.rhsa:def:20050108 | P | RHSA-2005:108: python security update (Important) | 2005-02-15
oval:com.redhat.rhsa:def:20050109 | P | RHSA-2005:109: python security update (Important) | 2005-02-14
oval:org.debian:def:666 | V | design flaw | 2005-02-04
    python python 2.2
    python python 2.4
    debian debian linux 3.0
    gentoo linux *
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.0
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux home *
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1