Описание
Уязвимость набора инструментов для Python dnspython связана с недостаточной проверки вводимых пользователем данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании
Вендор
Novell Inc.
Red Hat Inc.
Сообщество свободного программного обеспечения
ООО «Ред Софт»
Fedora Project
АО «ИВК»
АО «НТЦ ИТ РОСА»
Наименование ПО
SUSE Linux Enterprise Server for SAP Applications
OpenSUSE Leap
Suse Linux Enterprise Server
SUSE Linux Enterprise High Performance Computing
Red Hat Enterprise Linux
SUSE Linux Enterprise Module for Public Cloud
openSUSE Tumbleweed
Debian GNU/Linux
РЕД ОС
SUSE Manager Retail Branch Server
SUSE Manager Proxy
SUSE Manager Server
SUSE Enterprise Storage
SUSE Linux Enterprise Micro
Fedora
Suse Linux Enterprise Desktop
SUSE Linux Enterprise Module for Basesystem
Red Hat Ansible Automation Platform
Red Hat OpenShift Container Platform
SUSE Linux Enterprise Module for Package Hub
АЛЬТ СП 10
openSUSE Leap Micro
SUSE Liberty Linux
SUSE Linux Enterprise Module for Python 3
dnspython
ROSA Virtualization 3.0
Версия ПО
12 SP3 (SUSE Linux Enterprise Server for SAP Applications)
12 SP4 (SUSE Linux Enterprise Server for SAP Applications)
15.5 (OpenSUSE Leap)
12 SP3 (Suse Linux Enterprise Server)
12 SP4 (Suse Linux Enterprise Server)
12 (SUSE Linux Enterprise High Performance Computing)
8 (Red Hat Enterprise Linux)
12 (SUSE Linux Enterprise Module for Public Cloud)
15 (SUSE Linux Enterprise Module for Public Cloud)
15 (SUSE Linux Enterprise Server for SAP Applications)
12 SP5 (Suse Linux Enterprise Server)
12 SP5 (SUSE Linux Enterprise Server for SAP Applications)
12 (SUSE Linux Enterprise Server for SAP Applications)
- (openSUSE Tumbleweed)
11 (Debian GNU/Linux)
12 (Debian GNU/Linux)
12 (Suse Linux Enterprise Server)
7.3 (РЕД ОС)
15 SP3 (SUSE Linux Enterprise Server for SAP Applications)
15 SP2 (SUSE Linux Enterprise Server for SAP Applications)
15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing)
15 (Suse Linux Enterprise Server)
15 SP4 (SUSE Linux Enterprise Server for SAP Applications)
9 (Red Hat Enterprise Linux)
15 SP2-LTSS (Suse Linux Enterprise Server)
4.3 (SUSE Manager Retail Branch Server)
4.3 (SUSE Manager Proxy)
4.3 (SUSE Manager Server)
7.1 (SUSE Enterprise Storage)
15 (SUSE Linux Enterprise High Performance Computing)
5.3 (SUSE Linux Enterprise Micro)
15 SP3-LTSS (Suse Linux Enterprise Server)
15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing)
38 (Fedora)
39 (Fedora)
15 SP5 (SUSE Linux Enterprise Server for SAP Applications)
15 SP5 (Suse Linux Enterprise Server)
15 SP5 (Suse Linux Enterprise Desktop)
15 SP5 (SUSE Linux Enterprise High Performance Computing)
15 SP5 (SUSE Linux Enterprise Module for Basesystem)
5.4 (SUSE Linux Enterprise Micro)
2 (Red Hat Ansible Automation Platform)
4.13 (Red Hat OpenShift Container Platform)
15 SP5 (SUSE Linux Enterprise Module for Package Hub)
- (АЛЬТ СП 10)
5.5 (SUSE Linux Enterprise Micro)
5.5 (openSUSE Leap Micro)
9 (SUSE Liberty Linux)
8 (SUSE Liberty Linux)
15 SP4-ESPOS (SUSE Linux Enterprise High Performance Computing)
15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing)
40 (Fedora)
15 SP4-LTSS (Suse Linux Enterprise Server)
4.15 (Red Hat OpenShift Container Platform)
15 SP6 (Suse Linux Enterprise Desktop)
15 SP6 (Suse Linux Enterprise Server)
15 SP6 (SUSE Linux Enterprise Server for SAP Applications)
15 SP6 (SUSE Linux Enterprise High Performance Computing)
15 SP6 (SUSE Linux Enterprise Module for Basesystem)
15 SP6 (SUSE Linux Enterprise Module for Package Hub)
15.6 (OpenSUSE Leap)
6.0 (SUSE Linux Enterprise Micro)
4.14 (Red Hat OpenShift Container Platform)
4.16 (Red Hat OpenShift Container Platform)
6.1 (SUSE Linux Enterprise Micro)
2.4 for RHEL 8 (Red Hat Ansible Automation Platform)
2.4 for RHEL 9 (Red Hat Ansible Automation Platform)
15 SP5 (SUSE Linux Enterprise Module for Python 3)
15 SP6 (SUSE Linux Enterprise Module for Python 3)
до 2.6.0 включительно (dnspython)
3.0 (ROSA Virtualization 3.0)
Тип ПО
Операционная система
Прикладное ПО информационных систем
Сетевое средство
Сетевое программное средство
Операционные системы и аппаратные платформы
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4
Novell Inc. OpenSUSE Leap 15.5
Novell Inc. Suse Linux Enterprise Server 12 SP3
Novell Inc. Suse Linux Enterprise Server 12 SP4
Red Hat Inc. Red Hat Enterprise Linux 8
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15
Novell Inc. Suse Linux Enterprise Server 12 SP5
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12
Novell Inc. openSUSE Tumbleweed -
Сообщество свободного программного обеспечения Debian GNU/Linux 11
Сообщество свободного программного обеспечения Debian GNU/Linux 12
Novell Inc. Suse Linux Enterprise Server 12
ООО «Ред Софт» РЕД ОС 7.3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2
Novell Inc. Suse Linux Enterprise Server 15
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4
Red Hat Inc. Red Hat Enterprise Linux 9
Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS
Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS
Fedora Project Fedora 38
Fedora Project Fedora 39
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5
Novell Inc. Suse Linux Enterprise Server 15 SP5
Novell Inc. Suse Linux Enterprise Desktop 15 SP5
АО «ИВК» АЛЬТ СП 10 -
Novell Inc. openSUSE Leap Micro 5.5
Novell Inc. SUSE Liberty Linux 9
Novell Inc. SUSE Liberty Linux 8
Fedora Project Fedora 40
Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS
Novell Inc. Suse Linux Enterprise Desktop 15 SP6
Novell Inc. Suse Linux Enterprise Server 15 SP6
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6
Novell Inc. OpenSUSE Leap 15.6
АО «НТЦ ИТ РОСА» ROSA Virtualization 3.0 3.0
Уровень опасности уязвимости
Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,6)
Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 7)
Возможные меры по устранению уязвимости
Использование рекомендаций:
https://github.com/rthalley/dnspython/releases/tag/v2.6.0
Для РедОС:
https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-python3-dns-cve-2023-29483/?sphrase_id=756875
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2023-29483
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2023-29483
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2023-29483.html
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRKR57IFVKQC2GCXZBFLCLBAWBWL3F6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOHJOO3OM65UIUUUVDEXMCTXNM6LXZEH/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3BNSIK5NFYSAP53Y45GOCMOQHHDLGIF/
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2824
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2823
Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства:https://altsp.su/obnovleniya-bezopasnosti/
Статус уязвимости
Подтверждена производителем
Наличие эксплойта
Существует в открытом доступе
Информация об устранении
Уязвимость устранена
Ссылки на источники
Идентификаторы других систем описаний уязвимостей
- CVE
EPSS
Процентиль: 89%
0.04954
Низкий
7 High
CVSS3
6.6 Medium
CVSS2
Связанные уязвимости
CVSS3: 7
ubuntu
больше 1 года назад
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
CVSS3: 5.9
redhat
почти 2 года назад
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
CVSS3: 7
nvd
больше 1 года назад
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
CVSS3: 7
debian
больше 1 года назад
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remo ...
EPSS
Процентиль: 89%
0.04954
Низкий
7 High
CVSS3
6.6 Medium
CVSS2