Forum Thread: Pyhton 2.7

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
OpenOffice.org
And, this specific program:
Apache OpenOffice 4.x

This thread has been marked as locked.
detsi Pyhton 2.7
Member 6th Feb, 2014 10:58
Ranking: 4
Posts: 64
User Since: 2nd Jan, 2011
System Score: N/A
Location: UK

Posts: 29
User Since: 2nd Jan, 2011
System Score: 98%
Location: UK
Secunia informs me that Python 2.7 needs updating.I was not aware that this program was installed. It is not showing in my programs. Any idea what it is and how it has suddenly appeared?

Maurice Joyce RE: Pyhton 2.7
Handling Contributor 6th Feb, 2014 14:39
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 6th Feb, 2014 15:29
Where does PSI tell you it is installed?

FINDING A FILE PATH USING PSI

VERSION 2


From the DASHBOARD page click on SCAN RESULTS.

1. This will list all your programmes with a + to the left of each programme.
2. Click the + sign next to the item that U want help with.
3. This will reveal the path under DETECTED INSTANCES.
4. Below DETECTED INSTANCES you will see this You can double click this row for additional information & options>double click it>a box will appear>look to the RIGHT & U will see TROUBLESHOOT REPORT in BLUE writing under the heading TOOLBOX> click TroubleShoot Report & it will reveal some information in a box>highlight the information revealed from ---START--- to ---END--- & copy it (CTRL+C) then post it to the Forum (CTRL+V)

VERSION 3
This version does not have such an easy method to publish the path.

Open PSI>once open select Show Programs.
You will now see a page full of programme icons or a list.
Right click on the programme in error>select Show Details - that will open a box showing the path & version number of the offending file.
You now have 3 options:
1. Write down the exact file path & install version - return to the Forum & type that information.
2. Take a screen shot & publish that.

EDIT

Sorry I did not answer your other question - details on Python are here:
http://www.python.org/

Last Reviewed 13:38 06/02/2014










--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+1
-0
detsi RE: Pyhton 2.7
Member 6th Feb, 2014 17:40
Score: 4
Posts: 64
User Since: 2nd Jan 2011
System Score: N/A
Location: UK
Thanks for your reply. It would appear to be part of Open Office.

C:\Program Files\OpenOffice4\program\python27.dll

I assume it will be ok to go ahead to update it.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Pyhton 2.7
Handling Contributor 6th Feb, 2014 23:02
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
It is embedded so only Open Office can update it.

Because it is embedded it could be harmless & Secunia need to adjust their database so that it does not show.

I am writing to Secunia Support tonight - I will ask them to update this thread on the actions they are taking.

Hope this helps.

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+1
-0
detsi RE: Pyhton 2.7
Member 6th Feb, 2014 23:46
Score: 4
Posts: 64
User Since: 2nd Jan 2011
System Score: N/A
Location: UK
Yes, it does help. Thanks a lot.
Was this reply relevant?
+0
-0
This user no longer exists RE: Pyhton 2.7
Secunia Official 7th Feb, 2014 10:26
Hi,

Our filesignatures team has just updated the rules.
Please perform a new scan with the Secunia PSI and see if the issue has been solved.
Rassilon RE: Pyhton 2.7
Member 7th Feb, 2014 16:40
Score: 4
Posts: 3
User Since: 15th May 2013
System Score: N/A
Location: RO
Last edited on 7th Feb, 2014 17:01
on 7th Feb, 2014 10:26, wrote:
Hi,

Our filesignatures team has just updated the rules.
Please perform a new scan with the Secunia PSI and see if the issue has been solved.



unfortunately i think that this fix of yours is too wide-scoped, causing the warning about Google Drive v.1.13.5782.0599
to no longer show up and that app USES the vulnerable SSL functions and it uses a python27.dll v2.7.3 - this one has a SSL Certificate Spoofing bug

https://www.virustotal.com/en/file/effebd642d2f67b...

the wide-scope "fix" for the python27 detection in OpenOffice is a wrong move because Secunia should KEEP FLAGGING Google Drive (another app that uses python27.dll - v2.7.3 currently) as insecure until Google updates the python27.dll that they distribute.

Edit: also, it's impossible for the user to update only the python27.dll that Google Drive uses because Drive installs a new copy of the python environment each time it starts, using the folder: %TEMP%\_MEI<random_group_of_digits_here> where the random digits are different at each start of googledrivesync.exe
Was this reply relevant?
+1
-0
DrT788 RE: Pyhton 2.7
Member 8th Feb, 2014 12:45
Score: 0
Posts: 1
User Since: 8th Feb 2014
System Score: N/A
Location: US
I have to agree with Rassilon on this one. I think maybe this Python dll needs to be flagged even for embedded. This DLL is used with SpiderOak and I think they need to upgrade even if it is unlikely to be exploited, and having PSI flag it allows me to continue to press them to upgrade and replace the DLL.
Was this reply relevant?
+0
-0

This thread has been marked as locked.