Add known Python vulnerabilities.
Thanks to Hanno Schlichting for sending me this information and allowing me to quote him.
parent
848fcd1b33
commit
6327bd6b41
34
pep-0506.txt
@ -314,12 +314,29 @@ Frequently Asked Questions
state of MT [#]_ [#]_ and so predict all past and future values. There
are a number of known, practical attacks on systems using MT for
randomness [#]_.
* Q: Attacks on PHP are one thing, but are there any known attacks on
Python software?
While there are currently no known direct attacks on applications
written in Python due to the use of MT, there is widespread agreement
that such usage is unsafe.
A: Yes. There have been vulnerabilities in Zope and Plone at the very
least. Hanno Schlichting commented [#]_::
* Q: Is this an alternative to specialise cryptographic software such as SSL?
"In the context of Plone and Zope a practical attack was
demonstrated, but I can't find any good non-broken links about
this anymore. IIRC Plone generated a random number and exposed
this on each error page along the lines of 'Sorry, you encountered
an error, your problem has been filed as <random number>, please
include this when you contact us'. This allowed anyone to do large
numbers of requests to this page and get enough random values to
reconstruct the MT state. A couple of security related modules used
random instead of system random (cookie session ids, password reset
links, auth token), so the attacker could break all of those."
Christian Heimes reported this issue to the Zope security team in 2012 [#]_,
there are at least two related CVE vulnerabilities [#]_, and at least one
work-around for this issue in Django [#]_.
* Q: Is this an alternative to specialist cryptographic software such as SSL?
A: No. This is a "batteries included" solution, not a full-featured
"nuclear reactor". It is intended to mitigate against some basic
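Review bot: the new closing sentence of the answer ("Christian Heimes reported this issue to the Zope security team in 2012 [#]_, there are at least two related CVE vulnerabilities [#]_, and at least one work-around for this issue in Django [#]_.") is a comma-spliced run-on that joins three independent claims; split it so each claim stands with its own citation, e.g. "Christian Heimes reported this issue to the Zope security team in 2012 [#]_. There are at least two related CVEs [#]_, and Django carries a work-around for the same problem [#]_." Two structural points also deserve a check that the rendered view cannot show: the quotation is introduced with "[#]_::", so the paragraph that follows must be indented as a literal block for the quote to render, and because "[#]_" footnotes are auto-numbered in document order, the three references inserted here must appear in the References section in exactly this order, between the Argyros whitepaper and the python-ideas links.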
@ -421,6 +438,15 @@ References
.. [#] https://media.blackhat.com/bh-us-12/Briefings/Argyros/BH_US_12_Argyros_PRNG_WP.pdf
.. [#] Personal communication, 2016-08-24.
.. [#] https://bugs.launchpad.net/zope2/+bug/1071067
.. [#] http://www.cvedetails.com/cve/CVE-2012-5508/
http://www.cvedetails.com/cve/CVE-2012-6661/
.. [#] https://github.com/django/django/commit/1525874238fd705ec17a066291935a9316bd3044
.. [#] https://mail.python.org/pipermail/python-ideas/2015-September/036157.html
.. [#] https://mail.python.org/pipermail/python-ideas/2015-September/036476.html
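Review bot: the entry "Personal communication, 2016-08-24." does not say who the communication was with, so a reader of the References section alone cannot tie it to the quotation; name the source, e.g. ".. [#] Hanno Schlichting, personal communication, 2016-08-24." The footnote that carries the two CVE links should also state the identifiers in text (CVE-2012-5508 and CVE-2012-6661) rather than leaving them buried in the URLs, and the second URL must stay indented under the same ".. [#]" marker or it will be rendered as a separate paragraph outside the footnote. Finally, the cvedetails.com links are a third-party mirror served over plain http; the canonical MITRE or NVD entries for those CVE ids would be the more durable citation.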