| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.7 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in Python. This affects an unknown part of the component File Handler. This manipulation causes cryptographic issue (Hash). This vulnerability appears as CVE-2013-7040. In addition, an exploit is available. It is recommended to upgrade the affected component.
Details
A vulnerability was found in Python (Programming Language Software). It has been declared as critical. Affected by this vulnerability is some unknown processing of the component File Handler. The manipulation with an unknown input leads to a cryptographic issue vulnerability (Hash). The CWE definition for the vulnerability is CWE-310. As an impact it is known to affect availability. The summary by CVE is:
Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
The weakness was presented 04/19/2012 as CPython hash secret can be recoved remotely as confirmed mailinglist post (oss-sec). It is possible to read the advisory at seclists.org. This vulnerability is known as CVE-2013-7040 since 12/09/2013. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details are unknown but a public exploit is available. The attack technique deployed by this issue is T1600 according to MITRE ATT&CK. Responsible for the vulnerability is the following code:
while (--len >= 0) x = (_PyHASH_MULTIPLIER * x) ^ (Py_uhash_t) *P++;
After immediately, there has been an exploit disclosed. It is possible to download the exploit at vuldb.com. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 85408 (Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family MacOS X Local Security Checks and running in the context c. The commercial vulnerability scanner Qualys is able to test this issue with plugin 123806 (Apple Mac OS X v10.10.5 and Security Update 2015-006 Not Installed (APPLE-SA-2015-08-13-2)). The code used by the exploit is:
ha = hash("\x00\xcf\x0b\x96\x19")
hb = hash("\x00\x6d\x29\x45\x18")
if ha == hb:
print "collision" Upgrading to version 3.4 eliminates this vulnerability. The upgrade is hosted for download at python.org. A possible mitigation has been published 4 years after the disclosure of the vulnerability. The mailinglist post contains the following remark:
Python 3.4+ will use SipHash by default (http://www.python.org/dev/peps/pep-0456), which should resolve the vulnerability completely.
The vulnerability is also documented in the databases at X-Force (89636), Tenable (85408), SecurityFocus (BID 64194†), OSVDB (101258†) and Vulnerability Center (SBV-52153†). Additional details are provided at bugs.python.org. See VDB-7837, VDB-12088, VDB-12510 and VDB-69011 for similar entries. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Name
Version
- 2.7
- 2.7.1
- 2.7.3
- 2.7.4
- 2.7.5
- 2.7.6
- 2.7.7
- 2.7.1150
- 2.7.2150
- 3.0
- 3.0.1
- 3.1
- 3.1.1
- 3.1.2
- 3.1.3
- 3.1.4
- 3.1.5
- 3.2
- 3.2.0
- 3.2.1
- 3.2.2
- 3.2.3
- 3.2.4
- 3.2.5
- 3.2.2150
- 3.3
- 3.3.0
- 3.3.1
- 3.3.2
- 3.3.3
- 3.3.4
- 3.3.5
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 6.7
VulDB Base Score: 7.5
VulDB Temp Score: 6.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Name: HashClass: Cryptographic issue / Hash
CWE: CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 85408
Nessus Name: Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 801796
OpenVAS Name: Python Hash Collision Denial of Service Vulnerability (Windows)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Upgrade: Python 3.4
Timeline
04/19/2012 🔍04/19/2012 🔍
12/09/2013 🔍
12/10/2013 🔍
12/10/2013 🔍
12/22/2013 🔍
05/19/2014 🔍
08/11/2015 🔍
08/17/2015 🔍
08/18/2015 🔍
11/25/2018 🔍
Sources
Advisory: CPython hash secret can be recoved remotelyStatus: Confirmed
Confirmation: 🔍
CVE: CVE-2013-7040 (🔍)
GCVE (CVE): GCVE-0-2013-7040
GCVE (VulDB): GCVE-100-11563
X-Force: 89636
SecurityFocus: 64194 - Python CVE-2013-7040 Information Disclosure Weakness
OSVDB: 101258
Vulnerability Center: 52153 - Python 2.7 - 3.3.9 Remote DoS Vulnerability via Crafted Input, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍
See also: 🔍
Entry
Created: 12/22/2013 13:31Updated: 11/25/2018 10:02
Changes: 12/22/2013 13:31 (80), 11/25/2018 10:02 (12)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.