CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.7 | $0-$5k | 0.00 |
A vulnerability was found in Python (Programming Language Software). It has been declared as critical. Affected by this vulnerability is some unknown processing of the component File Handler. The manipulation with an unknown input leads to a cryptographic issues vulnerability (Hash). The CWE definition for the vulnerability is CWE-310. As an impact it is known to affect availability. The summary by CVE is:
Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
The weakness was presented 04/19/2012 as CPython hash secret can be recoved remotely as confirmed mailinglist post (oss-sec). It is possible to read the advisory at seclists.org. This vulnerability is known as CVE-2013-7040 since 12/09/2013. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details are unknown but a public exploit is available. The attack technique deployed by this issue is T1600 according to MITRE ATT&CK. Responsible for the vulnerability is the following code:
while (--len >= 0) x = (_PyHASH_MULTIPLIER * x) ^ (Py_uhash_t) *P++;
After immediately, there has been an exploit disclosed. It is possible to download the exploit at vuldb.com. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 85408 (Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family MacOS X Local Security Checks and running in the context c. The commercial vulnerability scanner Qualys is able to test this issue with plugin 123806 (Apple Mac OS X v10.10.5 and Security Update 2015-006 Not Installed (APPLE-SA-2015-08-13-2)). The code used by the exploit is:
ha = hash("\x00\xcf\x0b\x96\x19") hb = hash("\x00\x6d\x29\x45\x18") if ha == hb: print "collision"
Upgrading to version 3.4 eliminates this vulnerability. The upgrade is hosted for download at python.org. A possible mitigation has been published 4 years after the disclosure of the vulnerability. The mailinglist post contains the following remark:
Python 3.4+ will use SipHash by default (http://www.python.org/dev/peps/pep-0456), which should resolve the vulnerability completely.
The vulnerability is also documented in the databases at X-Force (89636) and Tenable (85408). Additional details are provided at bugs.python.org. See 7837, 12088, 12510 and 69011 for similar entries.
Product
Type
Name
Version
- 2.7
- 2.7.1
- 2.7.3
- 2.7.4
- 2.7.5
- 2.7.6
- 2.7.7
- 2.7.1150
- 2.7.2150
- 3.0
- 3.0.1
- 3.1
- 3.1.1
- 3.1.2
- 3.1.3
- 3.1.4
- 3.1.5
- 3.2
- 3.2.0
- 3.2.1
- 3.2.2
- 3.2.3
- 3.2.4
- 3.2.5
- 3.2.2150
- 3.3
- 3.3.0
- 3.3.1
- 3.3.2
- 3.3.3
- 3.3.4
- 3.3.5
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 6.7
VulDB Base Score: 7.5
VulDB Temp Score: 6.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Name: HashClass: Cryptographic issues / Hash
CWE: CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 85408
Nessus Name: Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 801796
OpenVAS Name: Python Hash Collision Denial of Service Vulnerability (Windows)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Upgrade: Python 3.4
Timeline
04/19/2012 🔍04/19/2012 🔍
12/09/2013 🔍
12/10/2013 🔍
12/10/2013 🔍
12/22/2013 🔍
05/19/2014 🔍
08/11/2015 🔍
08/17/2015 🔍
08/18/2015 🔍
11/25/2018 🔍
Sources
Advisory: CPython hash secret can be recoved remotelyStatus: Confirmed
Confirmation: 🔍
CVE: CVE-2013-7040 (🔍)
X-Force: 89636
Vulnerability Center: 52153 - Python 2.7 - 3.3.9 Remote DoS Vulnerability via Crafted Input, Medium
SecurityFocus: 64194 - Python CVE-2013-7040 Information Disclosure Weakness
OSVDB: 101258
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
See also: 🔍
Entry
Created: 12/22/2013 13:31Updated: 11/25/2018 10:02
Changes: 12/22/2013 13:31 (80), 11/25/2018 10:02 (12)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.