Python urllib CVE-2019-9948 Security Bypass Vulnerability

Python is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.
Python 2.x through 2.7.16 are vulnerable; other versions may also be affected.

Information

Bugtraq ID: 107549
Class: Design Error
CVE: CVE-2019-9948

Remote: Yes
Local: No
Published: Mar 23 2019 12:00AM
Updated: Mar 23 2019 12:00AM
Credit: The vendor reported this issue.
Vulnerable: Python Software Foundation Python 2.7.16
Python Software Foundation Python 2.7.15
Python Software Foundation Python 2.7.14
Python Software Foundation Python 2.7.12
Python Software Foundation Python 2.7.11
Python Software Foundation Python 2.7.10
Python Software Foundation Python 2.7
Python Software Foundation Python 2.6.5
Python Software Foundation Python 2.6.2
Python Software Foundation Python 2.5.5
Python Software Foundation Python 2.5.3
Python Software Foundation Python 2.5.1
Python Software Foundation Python 2.4.5
Python Software Foundation Python 2.4.4
Python Software Foundation Python 2.4.3
+ Trustix Secure Linux 3.0.5
Python Software Foundation Python 2.4.2
Python Software Foundation Python 2.4.1
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3.6
Python Software Foundation Python 2.3.5
Python Software Foundation Python 2.3.4
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.3.3
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.3.2
Python Software Foundation Python 2.3.1
Python Software Foundation Python 2.3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.2.3
+ Redhat Desktop 3.0
+ Redhat Enterprise Linux AS 3
+ Redhat Enterprise Linux ES 3
+ Redhat Enterprise Linux WS 3
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.2.2
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.2
+ Redhat Linux 7.3
+ Redhat Linux 7.3
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. Linux Personal 8.2
Python Software Foundation Python 2.2.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ SuSE Linux 8.1
Python Software Foundation Python 2.2
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
Python Software Foundation Python 2.1.3
+ Debian Linux 3.0
Python Software Foundation Python 2.1.2
Python Software Foundation Python 2.1.1
+ Redhat Linux 7.2
+ Sun Linux 5.0.7
Python Software Foundation Python 2.1
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Python Software Foundation Python 2.0.1
Python Software Foundation Python 2.0
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Python Software Foundation Python 2.7.13
Python Software Foundation Python 2.7.1
Python Software Foundation Python 2.6.6
Python Software Foundation Python 2.6
Python Software Foundation Python 2.5
Python Software Foundation Python 2.4.2
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3
Python Software Foundation Python 2.2

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• [2.7] bpo-35907: Avoid file reading as disallowing the unnecessary URL scheme i (Python)
  
• Python Homepage (Python)
  
• Unnecessary URL scheme exists to allow file:// reading file in urllib (Python)
  

Source: www.securityfocus.com