Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
{"id": "ALPINE:CVE-2020-15707", "vendorId": null, "type": "alpinelinux", "bulletinFamily": "unix", "title": "CVE-2020-15707", "description": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.", "published": "2020-07-29T18:15:00", "modified": "2021-09-13T14:25:00", "epss": [{"cve": "CVE-2020-15707", "epss": 0.00102, "percentile": 0.40526, "modified": "2023-06-06"}], "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 4.4}, "severity": "MEDIUM", "exploitabilityScore": 3.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 0.5, "impactScore": 5.9}, "href": "https://security.alpinelinux.org/vuln/CVE-2020-15707", "reporter": "Alpine Linux Development Team", "references": [], "cvelist": ["CVE-2020-15707"], "immutableFields": [], "lastseen": "2023-06-23T11:06:27", "viewCount": 10, "enchantments": {"score": {"value": 8.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "centos", "idList": ["CESA-2020:3217"]}, {"type": "cve", "idList": ["CVE-2020-15707"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4735-1:A9183"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-15707"]}, {"type": "f5", "idList": ["F5:K48187630"]}, {"type": "fedora", "idList": ["FEDORA:1FF6B30C5606", "FEDORA:574BC3099D0A"]}, {"type": "gentoo", "idList": ["GLSA-202104-05"]}, {"type": "hp", "idList": ["HP:C06707446"]}, {"type": "ibm", "idList": ["D860B85F49895E0D8CF0AC6A066F6902558B044E03F0320678E24399C41C6135"]}, {"type": "ics", "idList": ["ICSA-21-336-06"]}, {"type": "mageia", "idList": ["MGASA-2021-0315"]}, {"type": "mscve", "idList": ["MS:ADV200011"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2020-3216.NASL", "CENTOS_RHSA-2020-3217.NASL", "DEBIAN_DSA-4735.NASL", "EULEROS_SA-2020-1853.NASL", "EULEROS_SA-2020-2000.NASL", "EULEROS_SA-2021-1601.NASL", "GENTOO_GLSA-202104-05.NASL", "NEWSTART_CGSL_NS-SA-2021-0008_GRUB2.NASL", "NEWSTART_CGSL_NS-SA-2021-0139_GRUB2.NASL", "OPENSUSE-2020-1168.NASL", "OPENSUSE-2020-1169.NASL", "ORACLELINUX_ELSA-2020-5782.NASL", "ORACLELINUX_ELSA-2020-5786.NASL", "PHOTONOS_PHSA-2020-1_0-0311_GRUB2.NASL", "PHOTONOS_PHSA-2020-2_0-0267_GRUB2.NASL", "REDHAT-RHSA-2020-3216.NASL", "REDHAT-RHSA-2020-3217.NASL", "REDHAT-RHSA-2020-3223.NASL", "REDHAT-RHSA-2020-3227.NASL", "REDHAT-RHSA-2020-3271.NASL", "REDHAT-RHSA-2020-3274.NASL", "REDHAT-RHSA-2020-3275.NASL", "REDHAT-RHSA-2020-3276.NASL", "SUSE_SU-2020-14440-1.NASL", "SUSE_SU-2020-2073-1.NASL", "SUSE_SU-2020-2074-1.NASL", "SUSE_SU-2020-2076-1.NASL", "SUSE_SU-2020-2077-1.NASL", "SUSE_SU-2020-2078-1.NASL", "SUSE_SU-2020-2079-1.NASL", "UBUNTU_USN-4432-1.NASL", "UBUNTU_USN-4432-2.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5782", "ELSA-2020-5786", "ELSA-2020-5790", "ELSA-2021-0696"]}, {"type": "osv", "idList": ["OSV:CVE-2020-15707", "OSV:DSA-4735-1", "OSV:DSA-4735-2"]}, {"type": "photon", "idList": ["PHSA-2020-0120", "PHSA-2020-0311", "PHSA-2020-1.0-0311", "PHSA-2020-2.0-0267", "PHSA-2020-3.0-0120"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:4DA175A5FB10CC3E64B58AB0536688A4"]}, {"type": "redhat", "idList": ["RHSA-2020:3216", "RHSA-2020:3217", "RHSA-2020:3223", "RHSA-2020:3227", "RHSA-2020:3271", "RHSA-2020:3274", "RHSA-2020:3275", "RHSA-2020:3276"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-15707"]}, {"type": "redos", "idList": ["ROS-20220920-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1168-1", "OPENSUSE-SU-2020:1169-1"]}, {"type": "ubuntu", "idList": ["USN-4432-1", "USN-4432-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-15707"]}, {"type": "veracode", "idList": ["VERACODE:25986"]}]}, "vulnersScore": 8.0}, "_state": {"score": 1687520491, "dependencies": 1687520033}, "_internal": {"score_hash": "c5f353a48c1e61c4b1ffdb6c4fe452fc"}, "affectedPackage": [{"OS": "Alpine", "OSVersion": "edge-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "2.06-r0", "operator": "lt", "packageName": "grub"}, {"OS": "Alpine", "OSVersion": "3.17-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "2.06-r0", "operator": "lt", "packageName": "grub"}, {"OS": "Alpine", "OSVersion": "3.18-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "2.06-r0", "operator": "lt", "packageName": "grub"}]}
{"ubuntucve": [{"lastseen": "2023-08-09T17:37:13", "description": "Integer overflows were discovered in the functions grub_cmd_initrd and\ngrub_initrd_init in the efilinux component of GRUB2, as shipped in Debian,\nRed Hat, and Ubuntu (the functionality is not included in GRUB2 upstream),\nleading to a heap-based buffer overflow. These could be triggered by an\nextremely large number of arguments to the initrd command on 32-bit\narchitectures, or a crafted filesystem with very large files on any\narchitecture. An attacker could use this to execute arbitrary code and\nbypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04\nand prior versions.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | efilinux: Fix integer overflows in grub_cmd_initrd e961f8f8cdb25245900dc0884047e856346035b3 Title: grub2: integer overflows in efilinux grub_cmd_initrd and grub_initrd_init leads to heap based buffer overflow code is not upstream in grub2 but carried as part of patches by Ubuntu, Debian, Red Hat and possibly others. \n[alexmurray](<https://launchpad.net/~alexmurray>) | grub2-signed is not supported in Ubuntu 12.04 ESM (precise/esm) and so marking the priority for grub2 in this release as low\n", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-29T00:00:00", "type": "ubuntucve", "title": "CVE-2020-15707", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15707"], "modified": "2020-07-29T00:00:00", "id": "UB:CVE-2020-15707", "href": "https://ubuntu.com/security/CVE-2020-15707", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-06-06T14:27:38", "description": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-29T18:15:00", "type": "cve", "title": "CVE-2020-15707", "cwe": ["CWE-362", "CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15707"], "modified": "2021-09-13T14:25:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:suse:suse_linux_enterprise_server:15", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_10:1709", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/a:redhat:enterprise_linux_atomic_host:-", "cpe:/a:redhat:openshift_container_platform:4.0", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_10:-", "cpe:/o:opensuse:leap:15.2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:suse:suse_linux_enterprise_server:12", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:suse:suse_linux_enterprise_server:11", "cpe:/o:microsoft:windows_10:1607", "cpe:/a:netapp:active_iq_unified_manager:*", "cpe:/a:gnu:grub2:2.04", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:opensuse:leap:15.1", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:20.04"], "id": "CVE-2020-15707", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15707", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:o:suse:suse_linux_enterprise_server:11:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:grub2:2.04:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"]}], "veracode": [{"lastseen": "2023-04-18T12:41:32", "description": "grub2 is vulnerable to denial of service (DoS). The vulnerability exists through integer overflow in initrd size handling.\n", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-30T02:02:35", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15707"], "modified": "2021-05-01T06:50:27", "id": "VERACODE:25986", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-25986/summary", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-06-06T14:55:24", "description": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-29T18:15:00", "type": "debiancve", "title": "CVE-2020-15707", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15707"], "modified": "2020-07-29T18:15:00", "id": "DEBIANCVE:CVE-2020-15707", "href": "https://security-tracker.debian.org/tracker/CVE-2020-15707", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-06-06T15:07:29", "description": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.\n", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-29T17:06:20", "type": "redhatcve", "title": "CVE-2020-15707", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15707"], "modified": "2023-04-06T08:02:26", "id": "RH:CVE-2020-15707", "href": "https://access.redhat.com/security/cve/cve-2020-15707", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-11-22T20:47:18", "description": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.", "cvss3": {}, "published": "2020-07-29T18:15:00", "type": "osv", "title": "CVE-2020-15707", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-15707"], "modified": "2022-11-22T20:47:16", "id": "OSV:CVE-2020-15707", "href": "https://osv.dev/vulnerability/CVE-2020-15707", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-10T07:19:12", "description": "\nSeveral vulnerabilities have been discovered in the GRUB2 bootloader.\n\n\n* [CVE-2020-10713](https://security-tracker.debian.org/tracker/CVE-2020-10713)\nA flaw in the grub.cfg parsing code was found allowing to break\n UEFI Secure Boot and load arbitrary code. Details can be found at\n <https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>\n* [CVE-2020-14308](https://security-tracker.debian.org/tracker/CVE-2020-14308)\nIt was discovered that grub\\_malloc does not validate the allocation\n size allowing for arithmetic overflow and subsequently a heap-based\n buffer overflow.\n* [CVE-2020-14309](https://security-tracker.debian.org/tracker/CVE-2020-14309)\nAn integer overflow in grub\\_squash\\_read\\_symlink may lead to a heap based buffer overflow.\n* [CVE-2020-14310](https://security-tracker.debian.org/tracker/CVE-2020-14310)\nAn integer overflow in read\\_section\\_from\\_string may lead to a heap based buffer overflow.\n* [CVE-2020-14311](https://security-tracker.debian.org/tracker/CVE-2020-14311)\nAn integer overflow in grub\\_ext2\\_read\\_link may lead to a heap-based\n buffer overflow.\n* [CVE-2020-15706](https://security-tracker.debian.org/tracker/CVE-2020-15706)\nscript: Avoid a use-after-free when redefining a function during\n execution.\n* [CVE-2020-15707](https://security-tracker.debian.org/tracker/CVE-2020-15707)\nAn integer overflow flaw was found in the initrd size handling.\n\n\nFurther detailed information can be found at\n<https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot>\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.02+dfsg1-20+deb10u1.\n\n\nWe recommend that you upgrade your grub2 packages.\n\n\nFor the detailed security status of grub2 please refer to its security\ntracker page at:\n<https://security-tracker.debian.org/tracker/grub2>\n\n\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-07-29T00:00:00", "type": "osv", "title": "grub2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15706", "CVE-2020-14309", "CVE-2020-15707", "CVE-2020-14310", "CVE-2020-10713", "CVE-2020-14311", "CVE-2020-14308"], "modified": "2022-08-10T07:19:03", "id": "OSV:DSA-4735-1", "href": "https://osv.dev/vulnerability/DSA-4735-1", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:19:13", "description": "\nSeveral vulnerabilities have been discovered in the GRUB2 bootloader.\n\n\n* [CVE-2020-10713](https://security-tracker.debian.org/tracker/CVE-2020-10713)\nA flaw in the grub.cfg parsing code was found allowing to break\n UEFI Secure Boot and load arbitrary code. Details can be found at\n <https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>\n* [CVE-2020-14308](https://security-tracker.debian.org/tracker/CVE-2020-14308)\nIt was discovered that grub\\_malloc does not validate the allocation\n size allowing for arithmetic overflow and subsequently a heap-based\n buffer overflow.\n* [CVE-2020-14309](https://security-tracker.debian.org/tracker/CVE-2020-14309)\nAn integer overflow in grub\\_squash\\_read\\_symlink may lead to a heap based buffer overflow.\n* [CVE-2020-14310](https://security-tracker.debian.org/tracker/CVE-2020-14310)\nAn integer overflow in read\\_section\\_from\\_string may lead to a heap based buffer overflow.\n* [CVE-2020-14311](https://security-tracker.debian.org/tracker/CVE-2020-14311)\nAn integer overflow in grub\\_ext2\\_read\\_link may lead to a heap-based\n buffer overflow.\n* [CVE-2020-15706](https://security-tracker.debian.org/tracker/CVE-2020-15706)\nscript: Avoid a use-after-free when redefining a function during\n execution.\n* [CVE-2020-15707](https://security-tracker.debian.org/tracker/CVE-2020-15707)\nAn integer overflow flaw was found in the initrd size handling.\n\n\nFurther detailed information can be found at\n<https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot>\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.02+dfsg1-20+deb10u1.\n\n\nWe recommend that you upgrade your grub2 packages.\n\n\nFor the detailed security status of grub2 please refer to its security\ntracker page at:\n<https://security-tracker.debian.org/tracker/grub2>\n\n\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-07-29T00:00:00", "type": "osv", "title": "grub2 - regression update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15706", "CVE-2020-14309", "CVE-2020-15707", "CVE-2020-14310", "CVE-2020-10713", "CVE-2020-14311", "CVE-2020-14308"], "modified": "2022-08-10T07:19:04", "id": "OSV:DSA-4735-2", "href": "https://osv.dev/vulnerability/DSA-4735-2", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:07:03", "description": "According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices.Security Fix(es):There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.(CVE-2020-14309)There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.(CVE-2020-14310)There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.(CVE-2020-14311)GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.(CVE-2020-15706)Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.(CVE-2020-15707)In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.(CVE-2020-14308)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2020-1853)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-aa64", "p-cpe:/a:huawei:euleros:grub2-efi-aa64-cdboot", "p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1853.NASL", "href": "https://www.tenable.com/plugins/nessus/139956", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139956);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2020-1853)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The GRand Unified Bootloader (GRUB) is a highly\n configurable and customizable bootloader with modular\n architecture. It supports a rich variety of kernel\n formats, file systems, computer architectures and\n hardware devices.Security Fix(es):There's an issue with\n grub2 in all versions before 2.06 when handling\n squashfs filesystems containing a symbolic link with\n name length of UINT32 bytes in size. The name size\n leads to an arithmetic overflow leading to a zero-size\n allocation further causing a heap-based buffer overflow\n with attacker controlled data.(CVE-2020-14309)There is\n an issue on grub2 before version 2.06 at function\n read_section_as_string(). It expects a font name to be\n at max UINT32_MAX - 1 length in bytes but it doesn't\n verify it before proceed with buffer allocation to read\n the value from the font value. An attacker may leverage\n that by crafting a malicious font file which has a name\n with UINT32_MAX, leading to read_section_as_string() to\n an arithmetic overflow, zero-sized allocation and\n further heap-based buffer\n overflow.(CVE-2020-14310)There is an issue with grub2\n before version 2.06 while handling symlink on ext\n filesystems. A filesystem containing a symbolic link\n with an inode size of UINT32_MAX causes an arithmetic\n overflow leading to a zero-sized memory allocation with\n subsequent heap-based buffer\n overflow.(CVE-2020-14311)GRUB2 contains a race\n condition in grub_script_function_create() leading to a\n use-after-free vulnerability which can be triggered by\n redefining a function whilst the same function is\n already executing, leading to arbitrary code execution\n and secure boot restriction bypass. This issue affects\n GRUB2 version 2.04 and prior\n versions.(CVE-2020-15706)Integer overflows were\n discovered in the functions grub_cmd_initrd and\n grub_initrd_init in the efilinux component of GRUB2, as\n shipped in Debian, Red Hat, and Ubuntu (the\n functionality is not included in GRUB2 upstream),\n leading to a heap-based buffer overflow. These could be\n triggered by an extremely large number of arguments to\n the initrd command on 32-bit architectures, or a\n crafted filesystem with very large files on any\n architecture. An attacker could use this to execute\n arbitrary code and bypass UEFI Secure Boot\n restrictions. This issue affects GRUB2 version 2.04 and\n prior versions.(CVE-2020-15707)In grub2 versions before\n 2.06 the grub memory allocator doesn't check for\n possible arithmetic overflows on the requested\n allocation size. This leads the function to return\n invalid memory allocations which can be further used to\n cause possible integrity, confidentiality and\n availability impacts during the boot\n process.(CVE-2020-14308)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1853\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?544eb392\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-common-2.02-62.h25.eulerosv2r8\",\n \"grub2-efi-aa64-2.02-62.h25.eulerosv2r8\",\n \"grub2-efi-aa64-cdboot-2.02-62.h25.eulerosv2r8\",\n \"grub2-efi-aa64-modules-2.02-62.h25.eulerosv2r8\",\n \"grub2-tools-2.02-62.h25.eulerosv2r8\",\n \"grub2-tools-extra-2.02-62.h25.eulerosv2r8\",\n \"grub2-tools-minimal-2.02-62.h25.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:25", "description": "According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-10713)\n\n - Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow.\n These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.(CVE-2020-15707)\n\n - GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.(CVE-2020-15706)\n\n - There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.(CVE-2020-14311)\n\n - There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.(CVE-2020-14310)\n\n - There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size.\n The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.(CVE-2020-14309)\n\n - In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.(CVE-2020-14308)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : grub2 (EulerOS-SA-2021-1601)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-aa64", "p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-1601.NASL", "href": "https://www.tenable.com/plugins/nessus/147445", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147445);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : grub2 (EulerOS-SA-2021-1601)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in grub2, prior to version 2.06. An\n attacker may use the GRUB 2 flaw to hijack and tamper\n the GRUB verification process. This flaw also allows\n the bypass of Secure Boot protections. In order to load\n an untrusted or modified kernel, an attacker would\n first need to establish access to the system such as\n gaining physical access, obtain the ability to alter a\n pxe-boot network, or have remote access to a networked\n system with root access. With this access, an attacker\n could then craft a string to cause a buffer overflow by\n injecting a malicious payload that leads to arbitrary\n code execution within GRUB. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-10713)\n\n - Integer overflows were discovered in the functions\n grub_cmd_initrd and grub_initrd_init in the efilinux\n component of GRUB2, as shipped in Debian, Red Hat, and\n Ubuntu (the functionality is not included in GRUB2\n upstream), leading to a heap-based buffer overflow.\n These could be triggered by an extremely large number\n of arguments to the initrd command on 32-bit\n architectures, or a crafted filesystem with very large\n files on any architecture. An attacker could use this\n to execute arbitrary code and bypass UEFI Secure Boot\n restrictions. This issue affects GRUB2 version 2.04 and\n prior versions.(CVE-2020-15707)\n\n - GRUB2 contains a race condition in\n grub_script_function_create() leading to a\n use-after-free vulnerability which can be triggered by\n redefining a function whilst the same function is\n already executing, leading to arbitrary code execution\n and secure boot restriction bypass. This issue affects\n GRUB2 version 2.04 and prior versions.(CVE-2020-15706)\n\n - There is an issue with grub2 before version 2.06 while\n handling symlink on ext filesystems. A filesystem\n containing a symbolic link with an inode size of\n UINT32_MAX causes an arithmetic overflow leading to a\n zero-sized memory allocation with subsequent heap-based\n buffer overflow.(CVE-2020-14311)\n\n - There is an issue on grub2 before version 2.06 at\n function read_section_as_string(). It expects a font\n name to be at max UINT32_MAX - 1 length in bytes but it\n doesn't verify it before proceed with buffer allocation\n to read the value from the font value. An attacker may\n leverage that by crafting a malicious font file which\n has a name with UINT32_MAX, leading to\n read_section_as_string() to an arithmetic overflow,\n zero-sized allocation and further heap-based buffer\n overflow.(CVE-2020-14310)\n\n - There's an issue with grub2 in all versions before 2.06\n when handling squashfs filesystems containing a\n symbolic link with name length of UINT32 bytes in size.\n The name size leads to an arithmetic overflow leading\n to a zero-size allocation further causing a heap-based\n buffer overflow with attacker controlled\n data.(CVE-2020-14309)\n\n - In grub2 versions before 2.06 the grub memory allocator\n doesn't check for possible arithmetic overflows on the\n requested allocation size. This leads the function to\n return invalid memory allocations which can be further\n used to cause possible integrity, confidentiality and\n availability impacts during the boot\n process.(CVE-2020-14308)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1601\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e554f72\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-common-2.02-73.h20.eulerosv2r9\",\n \"grub2-efi-aa64-2.02-73.h20.eulerosv2r9\",\n \"grub2-efi-aa64-modules-2.02-73.h20.eulerosv2r9\",\n \"grub2-tools-2.02-73.h20.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:18", "description": "This update for grub2 fixes the following issues :\n\nFix for CVE-2020-10713 (bsc#1168994)\n\nFix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)\n\nFix for CVE-2020-15706 (bsc#1174463)\n\nFix for CVE-2020-15707 (bsc#1174570)\n\nUse overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data\n\nUse grub_calloc for overflow check and return NULL when it would occur\n\nUse gcc-9 compiler for overflow check builtins\n\nBackport gcc-9 build fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : grub2 (SUSE-SU-2020:2073-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grub2", "p-cpe:/a:novell:suse_linux:grub2-debuginfo", "p-cpe:/a:novell:suse_linux:grub2-debugsource", "p-cpe:/a:novell:suse_linux:grub2-s390x-emu", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2073-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139173", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2073-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139173);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"SUSE SLES15 Security Update : grub2 (SUSE-SU-2020:2073-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for grub2 fixes the following issues :\n\nFix for CVE-2020-10713 (bsc#1168994)\n\nFix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311\n(bsc#1173812)\n\nFix for CVE-2020-15706 (bsc#1174463)\n\nFix for CVE-2020-15707 (bsc#1174570)\n\nUse overflow checking primitives where the arithmetic expression for\nbuffer allocations may include unvalidated data\n\nUse grub_calloc for overflow check and return NULL when it would occur\n\nUse gcc-9 compiler for overflow check builtins\n\nBackport gcc-9 build fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10713/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14308/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14309/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15706/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15707/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202073-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ff223fcf\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2073=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-2073=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2073=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-2073=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-s390x-emu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"grub2-2.02-19.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"grub2-debuginfo-2.02-19.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"grub2-debugsource-2.02-19.48.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.02-19.48.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:54", "description": "This update for grub2 fixes the following issues :\n\nFix for CVE-2020-10713 (bsc#1168994)\n\nFix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)\n\nFix for CVE-2020-15706 (bsc#1174463)\n\nFix for CVE-2020-15707 (bsc#1174570)\n\nUse overflow checking primitives where the arithmetic expression for buffer\n\nUse grub_calloc for overflow check and return NULL when it would occur\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2020:2074-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grub2", "p-cpe:/a:novell:suse_linux:grub2-debuginfo", "p-cpe:/a:novell:suse_linux:grub2-debugsource", "p-cpe:/a:novell:suse_linux:grub2-s390x-emu", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2074-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139174", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2074-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139174);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2020:2074-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for grub2 fixes the following issues :\n\nFix for CVE-2020-10713 (bsc#1168994)\n\nFix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311\n(bsc#1173812)\n\nFix for CVE-2020-15706 (bsc#1174463)\n\nFix for CVE-2020-15707 (bsc#1174570)\n\nUse overflow checking primitives where the arithmetic expression for\nbuffer\n\nUse grub_calloc for overflow check and return NULL when it would occur\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10713/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14308/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14309/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15706/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15707/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202074-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a6a603b7\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP2-2020-2074=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2074=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-s390x-emu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.04-9.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"grub2-2.04-9.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"grub2-debuginfo-2.04-9.7.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"grub2-debugsource-2.04-9.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.04-9.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"grub2-2.04-9.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"grub2-debuginfo-2.04-9.7.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"grub2-debugsource-2.04-9.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:32", "description": "This update for grub2 fixes the following issues :\n\n - Fix for CVE-2020-10713 (bsc#1168994)\n\n - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)\n\n - Fix for CVE-2020-15706 (bsc#1174463)\n\n - Fix for CVE-2020-15707 (bsc#1174570)\n\n - Use overflow checking primitives where the arithmetic expression for buffer\n\n - Use grub_calloc for overflow check and return NULL when it would occur \n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2020-08-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : grub2 (openSUSE-2020-1169)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:grub2", "p-cpe:/a:novell:opensuse:grub2-branding-upstream", "p-cpe:/a:novell:opensuse:grub2-debuginfo", "p-cpe:/a:novell:opensuse:grub2-debugsource", "p-cpe:/a:novell:opensuse:grub2-i386-efi", "p-cpe:/a:novell:opensuse:grub2-i386-efi-debug", "p-cpe:/a:novell:opensuse:grub2-i386-pc", "p-cpe:/a:novell:opensuse:grub2-i386-pc-debug", "p-cpe:/a:novell:opensuse:grub2-i386-xen", "p-cpe:/a:novell:opensuse:grub2-snapper-plugin", "p-cpe:/a:novell:opensuse:grub2-systemd-sleep-plugin", "p-cpe:/a:novell:opensuse:grub2-x86_64-efi", "p-cpe:/a:novell:opensuse:grub2-x86_64-efi-debug", "p-cpe:/a:novell:opensuse:grub2-x86_64-xen", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1169.NASL", "href": "https://www.tenable.com/plugins/nessus/139449", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1169.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139449);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"openSUSE Security Update : grub2 (openSUSE-2020-1169)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for grub2 fixes the following issues :\n\n - Fix for CVE-2020-10713 (bsc#1168994)\n\n - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310,\n CVE-2020-14311 (bsc#1173812)\n\n - Fix for CVE-2020-15706 (bsc#1174463)\n\n - Fix for CVE-2020-15707 (bsc#1174570)\n\n - Use overflow checking primitives where the arithmetic\n expression for buffer\n\n - Use grub_calloc for overflow check and return NULL when\n it would occur \n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174570\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-i386-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-i386-efi-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-i386-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-i386-pc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-i386-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-snapper-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-systemd-sleep-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-x86_64-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-x86_64-efi-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-x86_64-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-2.04-lp152.7.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-branding-upstream-2.04-lp152.7.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-debuginfo-2.04-lp152.7.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-debugsource-2.04-lp152.7.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-i386-efi-2.04-lp152.7.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-i386-efi-debug-2.04-lp152.7.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-i386-pc-2.04-lp152.7.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-i386-pc-debug-2.04-lp152.7.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-i386-xen-2.04-lp152.7.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-snapper-plugin-2.04-lp152.7.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-systemd-sleep-plugin-2.04-lp152.7.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-x86_64-efi-2.04-lp152.7.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-x86_64-efi-debug-2.04-lp152.7.3.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-x86_64-xen-2.04-lp152.7.3.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2 / grub2-branding-upstream / grub2-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:24", "description": "This update for grub2 fixes the following issues :\n\nCVE-2020-10713 (bsc#1168994)\n\nCVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)\n\nCVE-2020-15706 (bsc#1174463)\n\nCVE-2020-15707 (bsc#1174570)\n\nUse overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data\n\nUse grub_calloc for overflow check and return NULL when it would occur\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2020:2077-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grub2", "p-cpe:/a:novell:suse_linux:grub2-debuginfo", "p-cpe:/a:novell:suse_linux:grub2-debugsource", "p-cpe:/a:novell:suse_linux:grub2-s390x-emu", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-2077-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139176", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2077-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139176);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2020:2077-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for grub2 fixes the following issues :\n\nCVE-2020-10713 (bsc#1168994)\n\nCVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311\n(bsc#1173812)\n\nCVE-2020-15706 (bsc#1174463)\n\nCVE-2020-15707 (bsc#1174570)\n\nUse overflow checking primitives where the arithmetic expression for\nbuffer allocations may include unvalidated data\n\nUse grub_calloc for overflow check and return NULL when it would occur\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10713/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14308/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14309/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15706/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15707/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202077-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1acd6c8f\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP1-2020-2077=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2077=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-s390x-emu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.02-26.25.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"grub2-2.02-26.25.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"grub2-debuginfo-2.02-26.25.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"grub2-debugsource-2.02-26.25.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.02-26.25.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"grub2-2.02-26.25.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"grub2-debuginfo-2.02-26.25.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"grub2-debugsource-2.02-26.25.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:09:34", "description": "This update for grub2 fixes the following issues :\n\n - CVE-2020-10713 (bsc#1168994)\n\n - CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)\n\n - CVE-2020-15706 (bsc#1174463)\n\n - CVE-2020-15707 (bsc#1174570)\n\n - Use overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data\n\n - Use grub_calloc for overflow check and return NULL when it would occur \n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {}, "published": "2020-08-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : grub2 (openSUSE-2020-1168)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:grub2", "p-cpe:/a:novell:opensuse:grub2-branding-upstream", "p-cpe:/a:novell:opensuse:grub2-debuginfo", "p-cpe:/a:novell:opensuse:grub2-debugsource", "p-cpe:/a:novell:opensuse:grub2-i386-efi", "p-cpe:/a:novell:opensuse:grub2-i386-pc", "p-cpe:/a:novell:opensuse:grub2-i386-xen", "p-cpe:/a:novell:opensuse:grub2-snapper-plugin", "p-cpe:/a:novell:opensuse:grub2-systemd-sleep-plugin", "p-cpe:/a:novell:opensuse:grub2-x86_64-efi", "p-cpe:/a:novell:opensuse:grub2-x86_64-xen", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1168.NASL", "href": "https://www.tenable.com/plugins/nessus/139448", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1168.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139448);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"openSUSE Security Update : grub2 (openSUSE-2020-1168)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for grub2 fixes the following issues :\n\n - CVE-2020-10713 (bsc#1168994)\n\n - CVE-2020-14308 CVE-2020-14309, CVE-2020-14310,\n CVE-2020-14311 (bsc#1173812)\n\n - CVE-2020-15706 (bsc#1174463)\n\n - CVE-2020-15707 (bsc#1174570)\n\n - Use overflow checking primitives where the arithmetic\n expression for buffer allocations may include\n unvalidated data\n\n - Use grub_calloc for overflow check and return NULL when\n it would occur \n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174570\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-i386-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-i386-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-i386-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-snapper-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-systemd-sleep-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-x86_64-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-x86_64-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"grub2-2.02-lp151.21.21.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"grub2-branding-upstream-2.02-lp151.21.21.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"grub2-debuginfo-2.02-lp151.21.21.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"grub2-debugsource-2.02-lp151.21.21.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"grub2-i386-efi-2.02-lp151.21.21.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"grub2-i386-pc-2.02-lp151.21.21.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"grub2-i386-xen-2.02-lp151.21.21.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"grub2-snapper-plugin-2.02-lp151.21.21.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"grub2-systemd-sleep-plugin-2.02-lp151.21.21.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"grub2-x86_64-efi-2.02-lp151.21.21.4\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"grub2-x86_64-xen-2.02-lp151.21.21.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2 / grub2-branding-upstream / grub2-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:08:28", "description": "According to the versions of the grub2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow.\n These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.(CVE-2020-15707)\n\n - GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.(CVE-2020-15706)\n\n - There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.(CVE-2020-14311)\n\n - There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.(CVE-2020-14310)\n\n - There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size.\n The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.(CVE-2020-14309)\n\n - In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.(CVE-2020-14308)\n\n - GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.(CVE-2020-15705)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-09-29T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : grub2 (EulerOS-SA-2020-2000)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-aa64", "p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-2000.NASL", "href": "https://www.tenable.com/plugins/nessus/140948", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140948);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : grub2 (EulerOS-SA-2020-2000)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - Integer overflows were discovered in the functions\n grub_cmd_initrd and grub_initrd_init in the efilinux\n component of GRUB2, as shipped in Debian, Red Hat, and\n Ubuntu (the functionality is not included in GRUB2\n upstream), leading to a heap-based buffer overflow.\n These could be triggered by an extremely large number\n of arguments to the initrd command on 32-bit\n architectures, or a crafted filesystem with very large\n files on any architecture. An attacker could use this\n to execute arbitrary code and bypass UEFI Secure Boot\n restrictions. This issue affects GRUB2 version 2.04 and\n prior versions.(CVE-2020-15707)\n\n - GRUB2 contains a race condition in\n grub_script_function_create() leading to a\n use-after-free vulnerability which can be triggered by\n redefining a function whilst the same function is\n already executing, leading to arbitrary code execution\n and secure boot restriction bypass. This issue affects\n GRUB2 version 2.04 and prior versions.(CVE-2020-15706)\n\n - There is an issue with grub2 before version 2.06 while\n handling symlink on ext filesystems. A filesystem\n containing a symbolic link with an inode size of\n UINT32_MAX causes an arithmetic overflow leading to a\n zero-sized memory allocation with subsequent heap-based\n buffer overflow.(CVE-2020-14311)\n\n - There is an issue on grub2 before version 2.06 at\n function read_section_as_string(). It expects a font\n name to be at max UINT32_MAX - 1 length in bytes but it\n doesn't verify it before proceed with buffer allocation\n to read the value from the font value. An attacker may\n leverage that by crafting a malicious font file which\n has a name with UINT32_MAX, leading to\n read_section_as_string() to an arithmetic overflow,\n zero-sized allocation and further heap-based buffer\n overflow.(CVE-2020-14310)\n\n - There's an issue with grub2 in all versions before 2.06\n when handling squashfs filesystems containing a\n symbolic link with name length of UINT32 bytes in size.\n The name size leads to an arithmetic overflow leading\n to a zero-size allocation further causing a heap-based\n buffer overflow with attacker controlled\n data.(CVE-2020-14309)\n\n - In grub2 versions before 2.06 the grub memory allocator\n doesn't check for possible arithmetic overflows on the\n requested allocation size. This leads the function to\n return invalid memory allocations which can be further\n used to cause possible integrity, confidentiality and\n availability impacts during the boot\n process.(CVE-2020-14308)\n\n - GRUB2 fails to validate kernel signature when booted\n directly without shim, allowing secure boot to be\n bypassed. This only affects systems where the kernel\n signing certificate has been imported directly into the\n secure boot database and the GRUB image is booted\n directly without the use of shim. This issue affects\n GRUB2 version 2.04 and prior versions.(CVE-2020-15705)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2000\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1436ffb8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-common-2.02-62.h27.eulerosv2r8\",\n \"grub2-efi-aa64-2.02-62.h27.eulerosv2r8\",\n \"grub2-efi-aa64-modules-2.02-62.h27.eulerosv2r8\",\n \"grub2-tools-2.02-62.h27.eulerosv2r8\",\n \"grub2-tools-extra-2.02-62.h27.eulerosv2r8\",\n \"grub2-tools-minimal-2.02-62.h27.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:21", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14440-1 advisory.\n\n - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-10713)\n\n - In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process. (CVE-2020-14308)\n\n - There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. (CVE-2020-14309)\n\n - There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. (CVE-2020-14310)\n\n - There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. (CVE-2020-14311)\n\n - GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15706)\n\n - Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : grub2 (SUSE-SU-2020:14440-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grub2-x86_64-efi", "p-cpe:/a:novell:suse_linux:grub2-x86_64-xen", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2020-14440-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150632", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2020:14440-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150632);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2020:14440-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"SUSE SLES11 Security Update : grub2 (SUSE-SU-2020:14440-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2020:14440-1 advisory.\n\n - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper\n the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to\n load an untrusted or modified kernel, an attacker would first need to establish access to the system such\n as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a\n networked system with root access. With this access, an attacker could then craft a string to cause a\n buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The\n highest threat from this vulnerability is to data confidentiality and integrity as well as system\n availability. (CVE-2020-10713)\n\n - In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on\n the requested allocation size. This leads the function to return invalid memory allocations which can be\n further used to cause possible integrity, confidentiality and availability impacts during the boot\n process. (CVE-2020-14308)\n\n - There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a\n symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow\n leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled\n data. (CVE-2020-14309)\n\n - There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font\n name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer\n allocation to read the value from the font value. An attacker may leverage that by crafting a malicious\n font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow,\n zero-sized allocation and further heap-based buffer overflow. (CVE-2020-14310)\n\n - There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem\n containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a\n zero-sized memory allocation with subsequent heap-based buffer overflow. (CVE-2020-14311)\n\n - GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability\n which can be triggered by redefining a function whilst the same function is already executing, leading to\n arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and\n prior versions. (CVE-2020-15706)\n\n - Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux\n component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2\n upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number\n of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files\n on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot\n restrictions. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1084632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1168994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1174570\");\n # https://lists.suse.com/pipermail/sle-security-updates/2020-July/007201.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c4a207db\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15707\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2-x86_64-efi and / or grub2-x86_64-xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-x86_64-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-x86_64-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'grub2-x86_64-efi-2.00-0.66.15', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'grub2-x86_64-xen-2.00-0.66.15', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},\n {'reference':'grub2-x86_64-efi-2.00-0.66.15', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},\n {'reference':'grub2-x86_64-xen-2.00-0.66.15', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2-x86_64-efi / grub2-x86_64-xen');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:19", "description": "This update for grub2 fixes the following issues :\n\nFix for CVE-2020-10713 (bsc#1168994)\n\nFix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)\n\nFix for CVE-2020-15706 (bsc#1174463)\n\nFix for CVE-2020-15707 (bsc#1174570)\n\nUse overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data\n\nUse gcc-9 compiler for overflow check builtins\n\nBackport gcc-9 build fixes\n\nFix packed-not-aligned error on GCC 8 (bsc#1084632)\n\nBackport gcc-7 build fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2076-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grub2", "p-cpe:/a:novell:suse_linux:grub2-debuginfo", "p-cpe:/a:novell:suse_linux:grub2-debugsource", "p-cpe:/a:novell:suse_linux:grub2-i386-pc", "p-cpe:/a:novell:suse_linux:grub2-s390x-emu", "p-cpe:/a:novell:suse_linux:grub2-x86_64-efi", "p-cpe:/a:novell:suse_linux:grub2-x86_64-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2076-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139175", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2076-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139175);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2076-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for grub2 fixes the following issues :\n\nFix for CVE-2020-10713 (bsc#1168994)\n\nFix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311\n(bsc#1173812)\n\nFix for CVE-2020-15706 (bsc#1174463)\n\nFix for CVE-2020-15707 (bsc#1174570)\n\nUse overflow checking primitives where the arithmetic expression for\nbuffer allocations may include unvalidated data\n\nUse gcc-9 compiler for overflow check builtins\n\nBackport gcc-9 build fixes\n\nFix packed-not-aligned error on GCC 8 (bsc#1084632)\n\nBackport gcc-7 build fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10713/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14308/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14309/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15706/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15707/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202076-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ff25309d\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-2076=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2076=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2076=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2076=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-i386-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-s390x-emu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-x86_64-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-x86_64-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"grub2-i386-pc-2.02~beta2-115.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"grub2-x86_64-efi-2.02~beta2-115.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"grub2-x86_64-xen-2.02~beta2-115.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.02~beta2-115.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"grub2-2.02~beta2-115.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"grub2-debuginfo-2.02~beta2-115.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"grub2-debugsource-2.02~beta2-115.49.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:07:52", "description": "This update for grub2 fixes the following issues :\n\nFix for CVE-2020-10713 (bsc#1168994)\n\nFix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)\n\nFix for CVE-2020-15706 (bsc#1174463)\n\nFix for CVE-2020-15707 (bsc#1174570)\n\nUse overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data\n\nUse grub_calloc for overflow check and return NULL when it would occur\n\nUse gcc-9 compiler for overflow check builtins\n\nBackport gcc-9 build fixes\n\nFix packed-not-aligned error on GCC 8 (bsc#1084632)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2079-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grub2", "p-cpe:/a:novell:suse_linux:grub2-debuginfo", "p-cpe:/a:novell:suse_linux:grub2-debugsource", "p-cpe:/a:novell:suse_linux:grub2-i386-pc", "p-cpe:/a:novell:suse_linux:grub2-s390x-emu", "p-cpe:/a:novell:suse_linux:grub2-x86_64-efi", "p-cpe:/a:novell:suse_linux:grub2-x86_64-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2079-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139178", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2079-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139178);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2079-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for grub2 fixes the following issues :\n\nFix for CVE-2020-10713 (bsc#1168994)\n\nFix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311\n(bsc#1173812)\n\nFix for CVE-2020-15706 (bsc#1174463)\n\nFix for CVE-2020-15707 (bsc#1174570)\n\nUse overflow checking primitives where the arithmetic expression for\nbuffer allocations may include unvalidated data\n\nUse grub_calloc for overflow check and return NULL when it would occur\n\nUse gcc-9 compiler for overflow check builtins\n\nBackport gcc-9 build fixes\n\nFix packed-not-aligned error on GCC 8 (bsc#1084632)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10713/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14308/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14309/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15706/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15707/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202079-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?03fdfd67\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2079=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-2079=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2079=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2079=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2079=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-2079=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-2079=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-i386-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-s390x-emu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-x86_64-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-x86_64-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"grub2-i386-pc-2.02-4.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"grub2-x86_64-efi-2.02-4.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"grub2-x86_64-xen-2.02-4.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.02-4.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"grub2-2.02-4.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"grub2-debuginfo-2.02-4.53.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"grub2-debugsource-2.02-4.53.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:22", "description": "Several vulnerabilities have been discovered in the GRUB2 bootloader.\n\n - CVE-2020-10713 A flaw in the grub.cfg parsing code was found allowing to break UEFI Secure Boot and load arbitrary code.\n Details can be found at https://www.eclypsium.com/2020/07/29/theres-a-hole-in-th e-boot/\n\n - CVE-2020-14308 It was discovered that grub_malloc does not validate the allocation size allowing for arithmetic overflow and subsequently a heap-based buffer overflow.\n\n - CVE-2020-14309 An integer overflow in grub_squash_read_symlink may lead to a heap based buffer overflow.\n\n - CVE-2020-14310 An integer overflow in read_section_from_string may lead to a heap based buffer overflow.\n\n - CVE-2020-14311 An integer overflow in grub_ext2_read_link may lead to a heap-based buffer overflow.\n\n - CVE-2020-15706 script: Avoid a use-after-free when redefining a function during execution.\n\n - CVE-2020-15707 An integer overflow flaw was found in the initrd size handling.\n\nFurther detailed information can be found at https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "Debian DSA-4735-1 : grub2 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:grub2", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4735.NASL", "href": "https://www.tenable.com/plugins/nessus/139099", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4735. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139099);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2020-10713\", \"CVE-2020-14308\", \"CVE-2020-14309\", \"CVE-2020-14310\", \"CVE-2020-14311\", \"CVE-2020-15706\", \"CVE-2020-15707\");\n script_xref(name:\"DSA\", value:\"4735\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"Debian DSA-4735-1 : grub2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the GRUB2 bootloader.\n\n - CVE-2020-10713\n A flaw in the grub.cfg parsing code was found allowing\n to break UEFI Secure Boot and load arbitrary code.\n Details can be found at\n https://www.eclypsium.com/2020/07/29/theres-a-hole-in-th\n e-boot/\n\n - CVE-2020-14308\n It was discovered that grub_malloc does not validate the\n allocation size allowing for arithmetic overflow and\n subsequently a heap-based buffer overflow.\n\n - CVE-2020-14309\n An integer overflow in grub_squash_read_symlink may lead\n to a heap based buffer overflow.\n\n - CVE-2020-14310\n An integer overflow in read_section_from_string may lead\n to a heap based buffer overflow.\n\n - CVE-2020-14311\n An integer overflow in grub_ext2_read_link may lead to a\n heap-based buffer overflow.\n\n - CVE-2020-15706\n script: Avoid a use-after-free when redefining a\n function during execution.\n\n - CVE-2020-15707\n An integer overflow flaw was found in the initrd size\n handling.\n\nFurther detailed information can be found at\nhttps://www.debian.org/security/2020-GRUB-UEFI-SecureBoot\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-10713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-14308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-14309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-14310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-14311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-15706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-15707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/grub2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/grub2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4735\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the grub2 packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.02+dfsg1-20+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"grub-common\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-coreboot\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-coreboot-bin\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-coreboot-dbg\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-amd64\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-amd64-bin\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-amd64-dbg\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-amd64-signed-template\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm-bin\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm-dbg\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm64\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm64-bin\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm64-dbg\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm64-signed-template\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-ia32\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-ia32-bin\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-ia32-dbg\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-ia32-signed-template\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-emu\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-emu-dbg\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-firmware-qemu\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-ieee1275\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-ieee1275-bin\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-ieee1275-dbg\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-linuxbios\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-mount-udeb\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-pc\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-pc-bin\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-pc-dbg\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-rescue-pc\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-theme-starfield\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-uboot\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-uboot-bin\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-uboot-dbg\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-xen\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-xen-bin\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-xen-dbg\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-xen-host\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-yeeloong\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-yeeloong-bin\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-yeeloong-dbg\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub2\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub2-common\", reference:\"2.02+dfsg1-20+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:08:00", "description": "This update for grub2 fixes the following issues :\n\nFix for CVE-2020-10713 (bsc#1168994)\n\nFix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)\n\nFix for CVE-2020-15706 (bsc#1174463)\n\nFix for CVE-2020-15707 (bsc#1174570)\n\nUse overflow checking primitives where the arithmetic expression for buffer allocations may include unvalidated data\n\nUse grub_calloc for overflow check and return NULL when it would occur\n\nUse gcc-9 compiler for overflow check builtins\n\nBackport gcc-9 build fixes\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2078-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grub2", "p-cpe:/a:novell:suse_linux:grub2-debuginfo", "p-cpe:/a:novell:suse_linux:grub2-debugsource", "p-cpe:/a:novell:suse_linux:grub2-i386-pc", "p-cpe:/a:novell:suse_linux:grub2-s390x-emu", "p-cpe:/a:novell:suse_linux:grub2-x86_64-efi", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-2078-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139177", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:2078-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139177);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"SUSE SLES12 Security Update : grub2 (SUSE-SU-2020:2078-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for grub2 fixes the following issues :\n\nFix for CVE-2020-10713 (bsc#1168994)\n\nFix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311\n(bsc#1173812)\n\nFix for CVE-2020-15706 (bsc#1174463)\n\nFix for CVE-2020-15707 (bsc#1174570)\n\nUse overflow checking primitives where the arithmetic expression for\nbuffer allocations may include unvalidated data\n\nUse grub_calloc for overflow check and return NULL when it would occur\n\nUse gcc-9 compiler for overflow check builtins\n\nBackport gcc-9 build fixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10713/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14308/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14309/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-14311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15706/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15707/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20202078-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?327c02b3\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2078=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2020-2078=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2078=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2078=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2078=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-i386-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-s390x-emu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-x86_64-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"grub2-i386-pc-2.02-12.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"grub2-x86_64-efi-2.02-12.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.02-12.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"grub2-2.02-12.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"grub2-debuginfo-2.02-12.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"grub2-debugsource-2.02-12.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"grub2-i386-pc-2.02-12.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"grub2-x86_64-efi-2.02-12.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.02-12.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"grub2-2.02-12.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"grub2-debuginfo-2.02-12.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"grub2-debugsource-2.02-12.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:21:30", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3223 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap- based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "RHEL 8 : grub2 (RHSA-2020:3223)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:fwupd", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-efi", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal", "p-cpe:/a:redhat:enterprise_linux:shim-aa64", "p-cpe:/a:redhat:enterprise_linux:shim-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64", "p-cpe:/a:redhat:enterprise_linux:shim-x64"], "id": "REDHAT-RHSA-2020-3223.NASL", "href": "https://www.tenable.com/plugins/nessus/139193", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3223. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139193);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3223\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"RHEL 8 : grub2 (RHSA-2020:3223)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3223 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-\n based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow\n (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1825243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861581\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(78, 122, 190, 416, 440, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-x64\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.1.4-2.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-common-2.02-87.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-87.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-87.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-87.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-87.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-87.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-87.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-87.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-87.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-87.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-87.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-87.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-87.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-87.el8_1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-87.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_1', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'shim-aa64-15-14.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-ia32-15-14.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15-7.el8', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15-14.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupd / grub2-common / grub2-efi-aa64 / grub2-efi-aa64-cdboot / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:56", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3216 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap- based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : grub2 (CESA-2020:3216)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:grub2-common", "p-cpe:/a:centos:centos:grub2-efi-aa64", "p-cpe:/a:centos:centos:grub2-efi-aa64-cdboot", "p-cpe:/a:centos:centos:grub2-efi-aa64-modules", "p-cpe:/a:centos:centos:grub2-efi-ia32", "p-cpe:/a:centos:centos:grub2-efi-ia32-cdboot", "p-cpe:/a:centos:centos:grub2-efi-ia32-modules", "p-cpe:/a:centos:centos:grub2-efi-x64", "p-cpe:/a:centos:centos:grub2-efi-x64-cdboot", "p-cpe:/a:centos:centos:grub2-efi-x64-modules", "p-cpe:/a:centos:centos:grub2-pc", "p-cpe:/a:centos:centos:grub2-pc-modules", "p-cpe:/a:centos:centos:grub2-ppc64le", "p-cpe:/a:centos:centos:grub2-ppc64le-modules", "p-cpe:/a:centos:centos:grub2-tools", "p-cpe:/a:centos:centos:grub2-tools-efi", "p-cpe:/a:centos:centos:grub2-tools-extra", "p-cpe:/a:centos:centos:grub2-tools-minimal", "p-cpe:/a:centos:centos:shim-unsigned-x64"], "id": "CENTOS8_RHSA-2020-3216.NASL", "href": "https://www.tenable.com/plugins/nessus/146030", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:3216. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146030);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3216\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"CentOS 8 : grub2 (CESA-2020:3216)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:3216 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-\n based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow\n (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3216\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:shim-unsigned-x64\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'grub2-common-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-common-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'shim-unsigned-x64-15-7.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2-common / grub2-efi-aa64 / grub2-efi-aa64-cdboot / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:52", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has grub2 packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-10713)\n\n - In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process. (CVE-2020-14308)\n\n - There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. (CVE-2020-14311)\n\n - There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. (CVE-2020-14309)\n\n - There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. (CVE-2020-14310)\n\n - GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15705)\n\n - GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15706)\n\n - Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : grub2 Multiple Vulnerabilities (NS-SA-2021-0008)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0008_GRUB2.NASL", "href": "https://www.tenable.com/plugins/nessus/147274", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0008. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147274);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : grub2 Multiple Vulnerabilities (NS-SA-2021-0008)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has grub2 packages installed that are affected by\nmultiple vulnerabilities:\n\n - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper\n the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to\n load an untrusted or modified kernel, an attacker would first need to establish access to the system such\n as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a\n networked system with root access. With this access, an attacker could then craft a string to cause a\n buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The\n highest threat from this vulnerability is to data confidentiality and integrity as well as system\n availability. (CVE-2020-10713)\n\n - In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on\n the requested allocation size. This leads the function to return invalid memory allocations which can be\n further used to cause possible integrity, confidentiality and availability impacts during the boot\n process. (CVE-2020-14308)\n\n - There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem\n containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a\n zero-sized memory allocation with subsequent heap-based buffer overflow. (CVE-2020-14311)\n\n - There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a\n symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow\n leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled\n data. (CVE-2020-14309)\n\n - There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font\n name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer\n allocation to read the value from the font value. An attacker may leverage that by crafting a malicious\n font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow,\n zero-sized allocation and further heap-based buffer overflow. (CVE-2020-14310)\n\n - GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be\n bypassed. This only affects systems where the kernel signing certificate has been imported directly into\n the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects\n GRUB2 version 2.04 and prior versions. (CVE-2020-15705)\n\n - GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability\n which can be triggered by redefining a function whilst the same function is already executing, leading to\n arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and\n prior versions. (CVE-2020-15706)\n\n - Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux\n component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2\n upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number\n of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files\n on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot\n restrictions. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0008\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL grub2 packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'grub2-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-common-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-debuginfo-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-efi-ia32-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-efi-ia32-cdboot-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-efi-ia32-modules-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-efi-x64-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-efi-x64-cdboot-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-efi-x64-modules-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-i386-modules-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-lang-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-pc-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-pc-modules-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-tools-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-tools-extra-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite',\n 'grub2-tools-minimal-2.02-0.86.el7.centos.cgslv5.0.6.gd5cefb9.lite'\n ],\n 'CGSL MAIN 5.04': [\n 'grub2-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-common-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-debuginfo-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-efi-ia32-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-efi-ia32-cdboot-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-efi-ia32-modules-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-efi-x64-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-efi-x64-cdboot-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-efi-x64-modules-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-i386-modules-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-pc-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-pc-modules-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-tools-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-tools-extra-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca',\n 'grub2-tools-minimal-2.02-0.86.el7.centos.cgslv5.0.4.g2c2efca'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:05:20", "description": "An update of the grub2 package has been released.", "cvss3": {}, "published": "2020-08-01T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Grub2 PHSA-2020-2.0-0267", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:grub2", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0267_GRUB2.NASL", "href": "https://www.tenable.com/plugins/nessus/139243", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0267. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139243);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"Photon OS 2.0: Grub2 PHSA-2020-2.0-0267\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the grub2 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-267.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"grub2-2.04-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"grub2-efi-2.04-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"grub2-lang-2.04-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"grub2-pc-2.04-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:07:52", "description": "Description of changes:\n\n[2.02-81.0.3]\n- Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072]\n- Update signing certificate for efi binaries", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : grub2 (ELSA-2020-5782)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:grub2", "p-cpe:/a:oracle:linux:grub2-common", "p-cpe:/a:oracle:linux:grub2-efi-ia32", "p-cpe:/a:oracle:linux:grub2-efi-ia32-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-ia32-modules", "p-cpe:/a:oracle:linux:grub2-efi-x64", "p-cpe:/a:oracle:linux:grub2-efi-x64-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-x64-modules", "p-cpe:/a:oracle:linux:grub2-pc", "p-cpe:/a:oracle:linux:grub2-pc-modules", "p-cpe:/a:oracle:linux:grub2-tools", "p-cpe:/a:oracle:linux:grub2-tools-extra", "p-cpe:/a:oracle:linux:grub2-tools-minimal", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2020-5782.NASL", "href": "https://www.tenable.com/plugins/nessus/139164", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5782.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139164);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"Oracle Linux 7 : grub2 (ELSA-2020-5782)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Description of changes:\n\n[2.02-81.0.3]\n- Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, \nCVE-2020-14311,\nCVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072]\n- Update signing certificate for efi binaries\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2020-July/010163.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"grub2-2.02-0.81.0.3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"grub2-common-2.02-0.81.0.3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"grub2-efi-ia32-2.02-0.81.0.3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"grub2-efi-ia32-cdboot-2.02-0.81.0.3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"grub2-efi-ia32-modules-2.02-0.81.0.3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"grub2-efi-x64-2.02-0.81.0.3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"grub2-efi-x64-cdboot-2.02-0.81.0.3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"grub2-efi-x64-modules-2.02-0.81.0.3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"grub2-pc-2.02-0.81.0.3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"grub2-pc-modules-2.02-0.81.0.3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"grub2-tools-2.02-0.81.0.3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"grub2-tools-extra-2.02-0.81.0.3.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"grub2-tools-minimal-2.02-0.81.0.3.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2 / grub2-common / grub2-efi-ia32 / grub2-efi-ia32-cdboot / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:07:53", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3217 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap- based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-31T00:00:00", "type": "nessus", "title": "CentOS 7 : grub2 (CESA-2020:3217)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:grub2", "p-cpe:/a:centos:centos:grub2-common", "p-cpe:/a:centos:centos:grub2-efi-ia32", "p-cpe:/a:centos:centos:grub2-efi-ia32-cdboot", "p-cpe:/a:centos:centos:grub2-efi-ia32-modules", "p-cpe:/a:centos:centos:grub2-efi-x64", "p-cpe:/a:centos:centos:grub2-efi-x64-cdboot", "p-cpe:/a:centos:centos:grub2-efi-x64-modules", "p-cpe:/a:centos:centos:grub2-i386-modules", "p-cpe:/a:centos:centos:grub2-pc", "p-cpe:/a:centos:centos:grub2-pc-modules", "p-cpe:/a:centos:centos:grub2-tools", "p-cpe:/a:centos:centos:grub2-tools-extra", "p-cpe:/a:centos:centos:grub2-tools-minimal", "p-cpe:/a:centos:centos:mokutil", "p-cpe:/a:centos:centos:shim-ia32", "p-cpe:/a:centos:centos:shim-unsigned-ia32", "p-cpe:/a:centos:centos:shim-unsigned-x64", "p-cpe:/a:centos:centos:shim-x64", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-3217.NASL", "href": "https://www.tenable.com/plugins/nessus/139236", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3217 and\n# CentOS Errata and Security Advisory 2020:3217 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139236);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3217\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"CentOS 7 : grub2 (CESA-2020:3217)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:3217 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-\n based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow\n (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2020-July/035781.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c42bb45f\");\n # https://lists.centos.org/pipermail/centos-announce/2020-July/035783.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c580a639\");\n # https://lists.centos.org/pipermail/centos-announce/2020-July/035784.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7da4e0c5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/78.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/440.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(78, 122, 190, 416, 440, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-i386-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mokutil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:shim-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:shim-unsigned-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:shim-unsigned-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:shim-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'grub2-2.02-0.86.el7.centos', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'grub2-common-2.02-0.86.el7.centos', 'release':'CentOS-7'},\n {'reference':'grub2-efi-ia32-2.02-0.86.el7.centos', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.86.el7.centos', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'grub2-efi-ia32-modules-2.02-0.86.el7.centos', 'release':'CentOS-7'},\n {'reference':'grub2-efi-x64-2.02-0.86.el7.centos', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.86.el7.centos', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'grub2-efi-x64-modules-2.02-0.86.el7.centos', 'release':'CentOS-7'},\n {'reference':'grub2-i386-modules-2.02-0.86.el7.centos', 'release':'CentOS-7'},\n {'reference':'grub2-pc-2.02-0.86.el7.centos', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'grub2-pc-modules-2.02-0.86.el7.centos', 'release':'CentOS-7'},\n {'reference':'grub2-tools-2.02-0.86.el7.centos', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7.centos', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7.centos', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'mokutil-15-7.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'shim-ia32-15-7.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'shim-unsigned-ia32-15-7.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'shim-unsigned-x64-15-7.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'},\n {'reference':'shim-x64-15-7.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2 / grub2-common / grub2-efi-ia32 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:21:37", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3217 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap- based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "RHEL 7 : grub2 (RHSA-2020:3217)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2023-05-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:fwupdate-efi", "p-cpe:/a:redhat:enterprise_linux:fwupdate-libs", "p-cpe:/a:redhat:enterprise_linux:grub2", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal", "p-cpe:/a:redhat:enterprise_linux:mokutil", "p-cpe:/a:redhat:enterprise_linux:shim-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64", "p-cpe:/a:redhat:enterprise_linux:shim-x64", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:fwupdate", "p-cpe:/a:redhat:enterprise_linux:fwupdate-devel"], "id": "REDHAT-RHSA-2020-3217.NASL", "href": "https://www.tenable.com/plugins/nessus/139198", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3217. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139198);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3217\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"RHEL 7 : grub2 (RHSA-2020:3217)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3217 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-\n based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow\n (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1825243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861581\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(78, 122, 190, 416, 440, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mokutil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-x64\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupdate-12-6.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupdate-devel-12-6.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupdate-efi-12-6.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupdate-libs-12-6.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-2.02-0.86.el7_8', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.86.el7_8', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.86.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-common-2.02-0.86.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-0.86.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-0.86.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.86.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-0.86.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-0.86.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.86.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-0.86.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-0.86.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-0.86.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc-modules-2.02-0.86.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-2.02-0.86.el7_8', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-modules-2.02-0.86.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-0.86.el7_8', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-0.86.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_8', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_8', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_8', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_8', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_8', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_8', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mokutil-15-7.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-ia32-15-7.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-ia32-15-7.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15-7.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15-7.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupdate / fwupdate-devel / fwupdate-efi / fwupdate-libs / grub2 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:04", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has grub2 packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-10713)\n\n - In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process. (CVE-2020-14308)\n\n - There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. (CVE-2020-14309)\n\n - There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. (CVE-2020-14310)\n\n - There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. (CVE-2020-14311)\n\n - GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15705)\n\n - GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15706)\n\n - Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : grub2 Multiple Vulnerabilities (NS-SA-2021-0139)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:grub2", "p-cpe:/a:zte:cgsl_core:grub2-common", "p-cpe:/a:zte:cgsl_core:grub2-debuginfo", "p-cpe:/a:zte:cgsl_core:grub2-efi-ia32", "p-cpe:/a:zte:cgsl_core:grub2-efi-ia32-cdboot", "p-cpe:/a:zte:cgsl_core:grub2-efi-ia32-modules", "p-cpe:/a:zte:cgsl_core:grub2-efi-x64", "p-cpe:/a:zte:cgsl_core:grub2-efi-x64-cdboot", "p-cpe:/a:zte:cgsl_core:grub2-efi-x64-modules", "p-cpe:/a:zte:cgsl_core:grub2-i386-modules", "p-cpe:/a:zte:cgsl_core:grub2-lang", "p-cpe:/a:zte:cgsl_core:grub2-pc", "p-cpe:/a:zte:cgsl_core:grub2-pc-modules", "p-cpe:/a:zte:cgsl_core:grub2-tools", "p-cpe:/a:zte:cgsl_core:grub2-tools-extra", "p-cpe:/a:zte:cgsl_core:grub2-tools-minimal", "p-cpe:/a:zte:cgsl_main:grub2", "p-cpe:/a:zte:cgsl_main:grub2-common", "p-cpe:/a:zte:cgsl_main:grub2-debuginfo", "p-cpe:/a:zte:cgsl_main:grub2-efi-ia32", "p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-cdboot", "p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-modules", "p-cpe:/a:zte:cgsl_main:grub2-efi-x64", "p-cpe:/a:zte:cgsl_main:grub2-efi-x64-cdboot", "p-cpe:/a:zte:cgsl_main:grub2-efi-x64-modules", "p-cpe:/a:zte:cgsl_main:grub2-i386-modules", "p-cpe:/a:zte:cgsl_main:grub2-pc", "p-cpe:/a:zte:cgsl_main:grub2-pc-modules", "p-cpe:/a:zte:cgsl_main:grub2-tools", "p-cpe:/a:zte:cgsl_main:grub2-tools-extra", "p-cpe:/a:zte:cgsl_main:grub2-tools-minimal", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0139_GRUB2.NASL", "href": "https://www.tenable.com/plugins/nessus/154470", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0139. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154470);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : grub2 Multiple Vulnerabilities (NS-SA-2021-0139)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has grub2 packages installed that are affected by\nmultiple vulnerabilities:\n\n - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper\n the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to\n load an untrusted or modified kernel, an attacker would first need to establish access to the system such\n as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a\n networked system with root access. With this access, an attacker could then craft a string to cause a\n buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The\n highest threat from this vulnerability is to data confidentiality and integrity as well as system\n availability. (CVE-2020-10713)\n\n - In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on\n the requested allocation size. This leads the function to return invalid memory allocations which can be\n further used to cause possible integrity, confidentiality and availability impacts during the boot\n process. (CVE-2020-14308)\n\n - There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a\n symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow\n leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled\n data. (CVE-2020-14309)\n\n - There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font\n name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer\n allocation to read the value from the font value. An attacker may leverage that by crafting a malicious\n font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow,\n zero-sized allocation and further heap-based buffer overflow. (CVE-2020-14310)\n\n - There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem\n containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a\n zero-sized memory allocation with subsequent heap-based buffer overflow. (CVE-2020-14311)\n\n - GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be\n bypassed. This only affects systems where the kernel signing certificate has been imported directly into\n the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects\n GRUB2 version 2.04 and prior versions. (CVE-2020-15705)\n\n - GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability\n which can be triggered by redefining a function whilst the same function is already executing, leading to\n arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and\n prior versions. (CVE-2020-15706)\n\n - Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux\n component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2\n upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number\n of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files\n on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot\n restrictions. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15707)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0139\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-10713\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14308\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14309\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14310\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14311\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-15705\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-15706\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-15707\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL grub2 packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-i386-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-i386-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'grub2-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-common-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-debuginfo-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-efi-ia32-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-efi-ia32-cdboot-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-efi-ia32-modules-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-efi-x64-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-efi-x64-cdboot-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-efi-x64-modules-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-i386-modules-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-lang-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-pc-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-pc-modules-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-tools-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-tools-extra-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite',\n 'grub2-tools-minimal-2.02-0.86.el7.centos.cgslv5_5.0.6.g4a36c9e.lite'\n ],\n 'CGSL MAIN 5.05': [\n 'grub2-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-common-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-debuginfo-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-efi-ia32-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-efi-ia32-cdboot-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-efi-ia32-modules-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-efi-x64-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-efi-x64-cdboot-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-efi-x64-modules-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-i386-modules-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-pc-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-pc-modules-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-tools-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-tools-extra-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8',\n 'grub2-tools-minimal-2.02-0.86.el7.centos.cgslv5_5.0.7.g62910b8'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:04:25", "description": "An update of the grub2 package has been released.", "cvss3": {}, "published": "2020-08-01T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Grub2 PHSA-2020-1.0-0311", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:grub2", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0311_GRUB2.NASL", "href": "https://www.tenable.com/plugins/nessus/139242", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0311. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139242);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"Photon OS 1.0: Grub2 PHSA-2020-1.0-0311\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the grub2 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-311.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"grub2-2.04-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"grub2-efi-2.04-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"grub2-lang-2.04-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"grub2-pc-2.04-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:07:51", "description": "Description of changes:\n\n[2.02-82.0.2.el8_2.1]\n- Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072]\n- Update signing certificate for efi binaries", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : grub2 (ELSA-2020-5786)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:grub2-common", "p-cpe:/a:oracle:linux:grub2-efi-aa64-modules", "p-cpe:/a:oracle:linux:grub2-efi-ia32", "p-cpe:/a:oracle:linux:grub2-efi-ia32-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-ia32-modules", "p-cpe:/a:oracle:linux:grub2-efi-x64", "p-cpe:/a:oracle:linux:grub2-efi-x64-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-x64-modules", "p-cpe:/a:oracle:linux:grub2-pc", "p-cpe:/a:oracle:linux:grub2-pc-modules", "p-cpe:/a:oracle:linux:grub2-tools", "p-cpe:/a:oracle:linux:grub2-tools-efi", "p-cpe:/a:oracle:linux:grub2-tools-extra", "p-cpe:/a:oracle:linux:grub2-tools-minimal", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2020-5786.NASL", "href": "https://www.tenable.com/plugins/nessus/139165", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5786.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139165);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"Oracle Linux 8 : grub2 (ELSA-2020-5786)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Description of changes:\n\n[2.02-82.0.2.el8_2.1]\n- Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, \nCVE-2020-14311,\nCVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072]\n- Update signing certificate for efi binaries\");\n script_set_attribute(attribute:\"see_also\", value:\"https://oss.oracle.com/pipermail/el-errata/2020-July/010174.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-common-2.02-82.0.2.el8_2.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-efi-aa64-modules-2.02-82.0.2.el8_2.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-efi-ia32-2.02-82.0.2.el8_2.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-efi-ia32-cdboot-2.02-82.0.2.el8_2.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-efi-ia32-modules-2.02-82.0.2.el8_2.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-efi-x64-2.02-82.0.2.el8_2.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-efi-x64-cdboot-2.02-82.0.2.el8_2.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-efi-x64-modules-2.02-82.0.2.el8_2.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-pc-2.02-82.0.2.el8_2.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-pc-modules-2.02-82.0.2.el8_2.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-tools-2.02-82.0.2.el8_2.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-tools-efi-2.02-82.0.2.el8_2.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-tools-extra-2.02-82.0.2.el8_2.1\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"grub2-tools-minimal-2.02-82.0.2.el8_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2-common / grub2-efi-aa64-modules / grub2-efi-ia32 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:22:55", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3274 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap- based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-08-03T00:00:00", "type": "nessus", "title": "RHEL 7 : grub2 (RHSA-2020:3274)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:fwupdate", "p-cpe:/a:redhat:enterprise_linux:fwupdate-devel", "p-cpe:/a:redhat:enterprise_linux:fwupdate-efi", "p-cpe:/a:redhat:enterprise_linux:fwupdate-libs", "p-cpe:/a:redhat:enterprise_linux:grub2", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal", "p-cpe:/a:redhat:enterprise_linux:mokutil", "p-cpe:/a:redhat:enterprise_linux:shim-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64", "p-cpe:/a:redhat:enterprise_linux:shim-x64"], "id": "REDHAT-RHSA-2020-3274.NASL", "href": "https://www.tenable.com/plugins/nessus/139294", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3274. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139294);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3274\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"RHEL 7 : grub2 (RHSA-2020:3274)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3274 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-\n based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow\n (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1825243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861581\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(78, 122, 190, 416, 440, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mokutil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-x64\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.7/ppc64/debug',\n 'content/eus/rhel/power/7/7.7/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.7/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.7/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.7/ppc64/os',\n 'content/eus/rhel/power/7/7.7/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.7/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.7/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.7/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupdate-12-6.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupdate-devel-12-6.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupdate-efi-12-6.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupdate-libs-12-6.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-2.02-0.86.el7_7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.86.el7_7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.86.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-common-2.02-0.86.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-0.86.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-0.86.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.86.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-0.86.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-0.86.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.86.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-0.86.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-0.86.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-0.86.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc-modules-2.02-0.86.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-2.02-0.86.el7_7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-modules-2.02-0.86.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-0.86.el7_7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-0.86.el7_7', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_7', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_7', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mokutil-15-8.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-ia32-15-8.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-ia32-15-8.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15-8.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15-8.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupdate / fwupdate-devel / fwupdate-efi / fwupdate-libs / grub2 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:08:00", "description": "Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15706) Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems or font files, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14309, CVE-2020-14310, CVE-2020-14311) It was discovered that the memory allocator for GRUB2 did not validate allocation size, resulting in multiple integer overflows and heap-based buffer overflows when handling certain filesystems, PNG images or disk metadata. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14308) Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions.\n(CVE-2020-15705) Colin Watson and Chris Coulson discovered that an integer overflow existed in GRUB2 when handling the initrd command, leading to a heap-based buffer overflow. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15707).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : GRUB 2 vulnerabilities (USN-4432-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64-bin", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64-signed", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm-bin", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64-bin", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64-signed", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-ia32-bin", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04"], "id": "UBUNTU_USN-4432-1.NASL", "href": "https://www.tenable.com/plugins/nessus/139179", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4432-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139179);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2020-10713\", \"CVE-2020-14308\", \"CVE-2020-14309\", \"CVE-2020-14310\", \"CVE-2020-14311\", \"CVE-2020-15705\", \"CVE-2020-15706\", \"CVE-2020-15707\");\n script_xref(name:\"USN\", value:\"4432-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : GRUB 2 vulnerabilities (USN-4432-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Jesse Michael and Mickey Shkatov discovered that the configuration\nparser in GRUB2 did not properly exit when errors were discovered,\nresulting in heap-based buffer overflows. A local attacker could use\nthis to execute arbitrary code and bypass UEFI Secure Boot\nrestrictions. (CVE-2020-10713) Chris Coulson discovered that the GRUB2\nfunction handling code did not properly handle a function being\nredefined, leading to a use-after-free vulnerability. A local attacker\ncould use this to execute arbitrary code and bypass UEFI Secure Boot\nrestrictions. (CVE-2020-15706) Chris Coulson discovered that multiple\ninteger overflows existed in GRUB2 when handling certain filesystems\nor font files, leading to heap-based buffer overflows. A local\nattacker could use these to execute arbitrary code and bypass UEFI\nSecure Boot restrictions. (CVE-2020-14309, CVE-2020-14310,\nCVE-2020-14311) It was discovered that the memory allocator for GRUB2\ndid not validate allocation size, resulting in multiple integer\noverflows and heap-based buffer overflows when handling certain\nfilesystems, PNG images or disk metadata. A local attacker could use\nthis to execute arbitrary code and bypass UEFI Secure Boot\nrestrictions. (CVE-2020-14308) Mathieu Trudel-Lapierre discovered that\nin certain situations, GRUB2 failed to validate kernel signatures. A\nlocal attacker could use this to bypass Secure Boot restrictions.\n(CVE-2020-15705) Colin Watson and Chris Coulson discovered that an\ninteger overflow existed in GRUB2 when handling the initrd command,\nleading to a heap-based buffer overflow. A local attacker could use\nthis to execute arbitrary code and bypass UEFI Secure Boot\nrestrictions. (CVE-2020-15707).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4432-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64-signed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64-signed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-ia32-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 20.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"grub-efi-amd64-bin\", pkgver:\"2.02~beta2-36ubuntu3.26\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"grub-efi-amd64-signed\", pkgver:\"1.66.26+2.02~beta2-36ubuntu3.26\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"grub-efi-arm-bin\", pkgver:\"2.02~beta2-36ubuntu3.26\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"grub-efi-arm64-bin\", pkgver:\"2.02~beta2-36ubuntu3.26\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"grub-efi-arm64-signed\", pkgver:\"1.66.26+2.02~beta2-36ubuntu3.26\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"grub-efi-ia32-bin\", pkgver:\"2.02~beta2-36ubuntu3.26\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"grub-efi-amd64-bin\", pkgver:\"2.02-2ubuntu8.16\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"grub-efi-amd64-signed\", pkgver:\"1.93.18+2.02-2ubuntu8.16\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"grub-efi-arm-bin\", pkgver:\"2.02-2ubuntu8.16\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"grub-efi-arm64-bin\", pkgver:\"2.02-2ubuntu8.16\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"grub-efi-arm64-signed\", pkgver:\"1.93.18+2.02-2ubuntu8.16\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"grub-efi-ia32-bin\", pkgver:\"2.02-2ubuntu8.16\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"grub-efi-amd64-bin\", pkgver:\"2.04-1ubuntu26.1\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"grub-efi-amd64-signed\", pkgver:\"1.142.3+2.04-1ubuntu26.1\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"grub-efi-arm-bin\", pkgver:\"2.04-1ubuntu26.1\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"grub-efi-arm64-bin\", pkgver:\"2.04-1ubuntu26.1\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"grub-efi-arm64-signed\", pkgver:\"1.142.3+2.04-1ubuntu26.1\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"grub-efi-ia32-bin\", pkgver:\"2.04-1ubuntu26.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub-efi-amd64-bin / grub-efi-amd64-signed / grub-efi-arm-bin / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:06:30", "description": "USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BIOS systems (either pre-UEFI or UEFI configured in Legacy mode), preventing them from successfully booting. This update addresses the issue. Users with BIOS systems that installed GRUB2 versions from USN-4432-1 should verify that their GRUB2 installation has a correct understanding of their boot device location and installed the boot loader correctly. We apologize for the inconvenience.\n\nJesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a use-after-free vulnerability. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15706) Chris Coulson discovered that multiple integer overflows existed in GRUB2 when handling certain filesystems or font files, leading to heap-based buffer overflows. A local attacker could use these to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14309, CVE-2020-14310, CVE-2020-14311) It was discovered that the memory allocator for GRUB2 did not validate allocation size, resulting in multiple integer overflows and heap-based buffer overflows when handling certain filesystems, PNG images or disk metadata. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-14308) Mathieu Trudel-Lapierre discovered that in certain situations, GRUB2 failed to validate kernel signatures. A local attacker could use this to bypass Secure Boot restrictions.\n(CVE-2020-15705) Colin Watson and Chris Coulson discovered that an integer overflow existed in GRUB2 when handling the initrd command, leading to a heap-based buffer overflow. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-15707).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-08-06T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : GRUB2 regression (USN-4432-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64-bin", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64-signed", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm-bin", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64-bin", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64-signed", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-ia32-bin", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04"], "id": "UBUNTU_USN-4432-2.NASL", "href": "https://www.tenable.com/plugins/nessus/139365", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4432-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139365);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2020-10713\", \"CVE-2020-14308\", \"CVE-2020-14309\", \"CVE-2020-14310\", \"CVE-2020-14311\", \"CVE-2020-15705\", \"CVE-2020-15706\", \"CVE-2020-15707\");\n script_xref(name:\"USN\", value:\"4432-2\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : GRUB2 regression (USN-4432-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot\nenvironments. Unfortunately, the update introduced regressions for\nsome BIOS systems (either pre-UEFI or UEFI configured in Legacy mode),\npreventing them from successfully booting. This update addresses the\nissue. Users with BIOS systems that installed GRUB2 versions from\nUSN-4432-1 should verify that their GRUB2 installation has a correct\nunderstanding of their boot device location and installed the boot\nloader correctly. We apologize for the inconvenience.\n\nJesse Michael and Mickey Shkatov discovered that the configuration\nparser in GRUB2 did not properly exit when errors were discovered,\nresulting in heap-based buffer overflows. A local attacker could use\nthis to execute arbitrary code and bypass UEFI Secure Boot\nrestrictions. (CVE-2020-10713) Chris Coulson discovered that the GRUB2\nfunction handling code did not properly handle a function being\nredefined, leading to a use-after-free vulnerability. A local attacker\ncould use this to execute arbitrary code and bypass UEFI Secure Boot\nrestrictions. (CVE-2020-15706) Chris Coulson discovered that multiple\ninteger overflows existed in GRUB2 when handling certain filesystems\nor font files, leading to heap-based buffer overflows. A local\nattacker could use these to execute arbitrary code and bypass UEFI\nSecure Boot restrictions. (CVE-2020-14309, CVE-2020-14310,\nCVE-2020-14311) It was discovered that the memory allocator for GRUB2\ndid not validate allocation size, resulting in multiple integer\noverflows and heap-based buffer overflows when handling certain\nfilesystems, PNG images or disk metadata. A local attacker could use\nthis to execute arbitrary code and bypass UEFI Secure Boot\nrestrictions. (CVE-2020-14308) Mathieu Trudel-Lapierre discovered that\nin certain situations, GRUB2 failed to validate kernel signatures. A\nlocal attacker could use this to bypass Secure Boot restrictions.\n(CVE-2020-15705) Colin Watson and Chris Coulson discovered that an\ninteger overflow existed in GRUB2 when handling the initrd command,\nleading to a heap-based buffer overflow. A local attacker could use\nthis to execute arbitrary code and bypass UEFI Secure Boot\nrestrictions. (CVE-2020-15707).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4432-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64-signed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64-signed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-ia32-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04 / 20.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"grub-efi-amd64-bin\", pkgver:\"2.02~beta2-36ubuntu3.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"grub-efi-amd64-signed\", pkgver:\"1.66.27+2.02~beta2-36ubuntu3.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"grub-efi-arm-bin\", pkgver:\"2.02~beta2-36ubuntu3.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"grub-efi-arm64-bin\", pkgver:\"2.02~beta2-36ubuntu3.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"grub-efi-arm64-signed\", pkgver:\"1.66.27+2.02~beta2-36ubuntu3.27\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"grub-efi-ia32-bin\", pkgver:\"2.02~beta2-36ubuntu3.27\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"grub-efi-amd64-bin\", pkgver:\"2.02-2ubuntu8.17\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"grub-efi-amd64-signed\", pkgver:\"1.93.19+2.02-2ubuntu8.17\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"grub-efi-arm-bin\", pkgver:\"2.02-2ubuntu8.17\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"grub-efi-arm64-bin\", pkgver:\"2.02-2ubuntu8.17\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"grub-efi-arm64-signed\", pkgver:\"1.93.19+2.02-2ubuntu8.17\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"grub-efi-ia32-bin\", pkgver:\"2.02-2ubuntu8.17\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"grub-efi-amd64-bin\", pkgver:\"2.04-1ubuntu26.2\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"grub-efi-amd64-signed\", pkgver:\"1.142.4+2.04-1ubuntu26.2\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"grub-efi-arm-bin\", pkgver:\"2.04-1ubuntu26.2\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"grub-efi-arm64-bin\", pkgver:\"2.04-1ubuntu26.2\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"grub-efi-arm64-signed\", pkgver:\"1.142.4+2.04-1ubuntu26.2\")) flag++;\nif (ubuntu_check(osver:\"20.04\", pkgname:\"grub-efi-ia32-bin\", pkgver:\"2.04-1ubuntu26.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub-efi-amd64-bin / grub-efi-amd64-signed / grub-efi-arm-bin / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:21:16", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3216 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap- based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "RHEL 8 : grub2 (RHSA-2020:3216)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:fwupd", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-efi", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal", "p-cpe:/a:redhat:enterprise_linux:shim-aa64", "p-cpe:/a:redhat:enterprise_linux:shim-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64", "p-cpe:/a:redhat:enterprise_linux:shim-x64"], "id": "REDHAT-RHSA-2020-3216.NASL", "href": "https://www.tenable.com/plugins/nessus/139194", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3216. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139194);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3216\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"RHEL 8 : grub2 (RHSA-2020:3216)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3216 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-\n based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow\n (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1825243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861581\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(78, 122, 190, 416, 440, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-x64\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.1.4-7.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-common-2.02-87.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-87.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-87.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-87.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-87.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-87.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-87.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-87.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-87.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-87.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-87.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-87.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-87.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-87.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-87.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'shim-aa64-15-14.el8_2', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-ia32-15-14.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15-7.el8', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15-14.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.1.4-7.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-common-2.02-87.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-87.el8_2', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-87.el8_2', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-87.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-87.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-87.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-87.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-87.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-87.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-87.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-87.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-87.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-87.el8_2', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-87.el8_2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-87.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'shim-aa64-15-14.el8_2', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-ia32-15-14.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15-7.el8', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15-14.el8_2', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.1.4-7.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-common-2.02-87.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-87.el8_2', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-87.el8_2', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-87.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-87.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-87.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-87.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-87.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-87.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-87.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-87.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-87.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-87.el8_2', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-87.el8_2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-87.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'shim-aa64-15-14.el8_2', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-ia32-15-14.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15-7.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15-14.el8_2', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.1.4-7.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-common-2.02-87.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-87.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-87.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-87.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-87.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-87.el8_2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-87.el8_2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'shim-aa64-15-14.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-ia32-15-14.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15-7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15-14.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupd / grub2-common / grub2-efi-aa64 / grub2-efi-aa64-cdboot / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:21:23", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3227 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap- based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-07-30T00:00:00", "type": "nessus", "title": "RHEL 8 : grub2 (RHSA-2020:3227)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:fwupd", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-efi", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal", "p-cpe:/a:redhat:enterprise_linux:shim-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-x64"], "id": "REDHAT-RHSA-2020-3227.NASL", "href": "https://www.tenable.com/plugins/nessus/139192", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3227. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139192);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3227\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"RHEL 8 : grub2 (RHSA-2020:3227)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3227 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-\n based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow\n (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1825243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861581\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(78, 122, 190, 416, 440, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-x64\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.0')) audit(AUDIT_OS_NOT, 'Red Hat 8.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.0/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.0/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.0/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.0/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.0/ppc64le/sap/os',\n 'content/e4s/rhel8/8.0/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.0/x86_64/appstream/os',\n 'content/e4s/rhel8/8.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.0/x86_64/baseos/os',\n 'content/e4s/rhel8/8.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap/os',\n 'content/e4s/rhel8/8.0/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.1.4-2.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-1.1.4-2.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-common-2.02-87.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-87.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-87.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-87.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-87.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-87.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-87.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-87.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-87.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-87.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-87.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-87.el8_0', 'sp':'0', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-87.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_0', 'sp':'0', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'shim-ia32-15-14.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15-14.el8_0', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupd / grub2-common / grub2-efi-aa64-modules / grub2-efi-ia32 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:22:55", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3275 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap- based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-08-03T00:00:00", "type": "nessus", "title": "RHEL 7 : grub2 (RHSA-2020:3275)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "cpe:/o:redhat:rhel_e4s:7.4", "cpe:/o:redhat:rhel_tus:7.4", "p-cpe:/a:redhat:enterprise_linux:fwupdate", "p-cpe:/a:redhat:enterprise_linux:fwupdate-devel", "p-cpe:/a:redhat:enterprise_linux:fwupdate-efi", "p-cpe:/a:redhat:enterprise_linux:fwupdate-libs", "p-cpe:/a:redhat:enterprise_linux:grub2", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal", "p-cpe:/a:redhat:enterprise_linux:mokutil", "p-cpe:/a:redhat:enterprise_linux:shim-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64", "p-cpe:/a:redhat:enterprise_linux:shim-x64"], "id": "REDHAT-RHSA-2020-3275.NASL", "href": "https://www.tenable.com/plugins/nessus/139283", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3275. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139283);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3275\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"RHEL 7 : grub2 (RHSA-2020:3275)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3275 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-\n based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow\n (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1825243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861581\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(78, 122, 190, 416, 440, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mokutil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-x64\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupdate-9-10.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupdate-devel-9-10.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupdate-efi-9-10.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupdate-libs-9-10.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-2.02-0.86.el7_4', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.86.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-common-2.02-0.86.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-0.86.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-0.86.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.86.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-0.86.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-0.86.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.86.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-0.86.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-0.86.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-0.86.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc-modules-2.02-0.86.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-modules-2.02-0.86.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-0.86.el7_4', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-0.86.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_4', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_4', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_4', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mokutil-15-8.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-ia32-15-8.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-ia32-15-8.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15-8.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15-8.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupdate / fwupdate-devel / fwupdate-efi / fwupdate-libs / grub2 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:22:31", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3271 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap- based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-08-03T00:00:00", "type": "nessus", "title": "RHEL 7 : grub2 (RHSA-2020:3271)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:fwupdate", "p-cpe:/a:redhat:enterprise_linux:fwupdate-devel", "p-cpe:/a:redhat:enterprise_linux:fwupdate-efi", "p-cpe:/a:redhat:enterprise_linux:fwupdate-libs", "p-cpe:/a:redhat:enterprise_linux:grub2", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal", "p-cpe:/a:redhat:enterprise_linux:mokutil", "p-cpe:/a:redhat:enterprise_linux:shim-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64", "p-cpe:/a:redhat:enterprise_linux:shim-x64"], "id": "REDHAT-RHSA-2020-3271.NASL", "href": "https://www.tenable.com/plugins/nessus/139288", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3271. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139288);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3271\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"RHEL 7 : grub2 (RHSA-2020:3271)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3271 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-\n based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow\n (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1825243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861581\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(78, 122, 190, 416, 440, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupdate-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mokutil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-x64\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupdate-12-6.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupdate-devel-12-6.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupdate-efi-12-6.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupdate-libs-12-6.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-2.02-0.86.el7_6', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.86.el7_6', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.86.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-common-2.02-0.86.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-0.86.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-0.86.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.86.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-0.86.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-0.86.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.86.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-0.86.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-0.86.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-0.86.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc-modules-2.02-0.86.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-2.02-0.86.el7_6', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-modules-2.02-0.86.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-0.86.el7_6', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-0.86.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_6', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_6', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_6', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_6', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_6', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_6', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mokutil-15-8.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-ia32-15-8.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-ia32-15-8.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15-8.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15-8.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupdate / fwupdate-devel / fwupdate-efi / fwupdate-libs / grub2 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:22:37", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3276 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap- based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-08-03T00:00:00", "type": "nessus", "title": "RHEL 7 : grub2 (RHSA-2020:3276)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.3", "cpe:/o:redhat:rhel_e4s:7.3", "cpe:/o:redhat:rhel_tus:7.3", "p-cpe:/a:redhat:enterprise_linux:grub2", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal", "p-cpe:/a:redhat:enterprise_linux:mokutil", "p-cpe:/a:redhat:enterprise_linux:shim", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64"], "id": "REDHAT-RHSA-2020-3276.NASL", "href": "https://www.tenable.com/plugins/nessus/139287", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3276. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139287);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3276\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"RHEL 7 : grub2 (RHSA-2020:3276)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3276 advisory.\n\n - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n - grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-\n based buffer overflow (CVE-2020-14308)\n\n - grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow\n (CVE-2020-14309)\n\n - grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n - grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n - grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n - grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n - grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3276\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1825243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1852030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1860978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1861581\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(78, 122, 190, 416, 440, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mokutil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.3')) audit(AUDIT_OS_NOT, 'Red Hat 7.3', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.3/x86_64/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.3/x86_64/os',\n 'content/aus/rhel/server/7/7.3/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.3/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.3/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.3/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.3/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.3/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.3/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.3/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.3/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.3/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.3/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.3/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.3/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.3/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.3/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.3/x86_64/debug',\n 'content/tus/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.3/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.3/x86_64/os',\n 'content/tus/rhel/server/7/7.3/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grub2-2.02-0.86.el7', 'sp':'3', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.86.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-common-2.02-0.86.el7', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-0.86.el7', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-0.86.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.86.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-0.86.el7', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-0.86.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.86.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-0.86.el7', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-0.86.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-0.86.el7', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc-modules-2.02-0.86.el7', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-modules-2.02-0.86.el7', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-0.86.el7', 'sp':'3', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-0.86.el7', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7', 'sp':'3', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7', 'sp':'3', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7', 'sp':'3', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'mokutil-15-8.el7_3', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-15-8.el7_3', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-ia32-15-8.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15-8.el7', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2 / grub2-common / grub2-efi-aa64-modules / grub2-efi-ia32 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:46:20", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5790 advisory.\n\n - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-10713)\n\n - In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process. (CVE-2020-14308)\n\n - There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. (CVE-2020-14309)\n\n - There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. (CVE-2020-14311)\n\n - GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15706)\n\n - Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15707)\n\n - There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow. (CVE-2020-14310)\n\n - GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15705)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : grub2 (ELSA-2020-5790)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2023-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:grub2", "p-cpe:/a:oracle:linux:grub2-tools", "p-cpe:/a:oracle:linux:grub2-tools-extra", "p-cpe:/a:oracle:linux:grub2-tools-minimal", "p-cpe:/a:oracle:linux:grub2-efi-aa64", "p-cpe:/a:oracle:linux:grub2-efi-aa64-cdboot"], "id": "ORACLELINUX_ELSA-2020-5790.NASL", "href": "https://www.tenable.com/plugins/nessus/180945", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5790.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180945);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/08\");\n\n script_cve_id(\n \"CVE-2020-10713\",\n \"CVE-2020-14308\",\n \"CVE-2020-14309\",\n \"CVE-2020-14310\",\n \"CVE-2020-14311\",\n \"CVE-2020-15705\",\n \"CVE-2020-15706\",\n \"CVE-2020-15707\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"Oracle Linux 7 : grub2 (ELSA-2020-5790)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5790 advisory.\n\n - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper\n the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to\n load an untrusted or modified kernel, an attacker would first need to establish access to the system such\n as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a\n networked system with root access. With this access, an attacker could then craft a string to cause a\n buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The\n highest threat from this vulnerability is to data confidentiality and integrity as well as system\n availability. (CVE-2020-10713)\n\n - In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on\n the requested allocation size. This leads the function to return invalid memory allocations which can be\n further used to cause possible integrity, confidentiality and availability impacts during the boot\n process. (CVE-2020-14308)\n\n - There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a\n symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow\n leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled\n data. (CVE-2020-14309)\n\n - There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem\n containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a\n zero-sized memory allocation with subsequent heap-based buffer overflow. (CVE-2020-14311)\n\n - GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability\n which can be triggered by redefining a function whilst the same function is already executing, leading to\n arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and\n prior versions. (CVE-2020-15706)\n\n - Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux\n component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2\n upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number\n of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files\n on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot\n restrictions. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15707)\n\n - There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font\n name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer\n allocation to read the value from the font value. An attacker may leverage that by crafting a malicious\n font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow,\n zero-sized allocation and further heap-based buffer overflow. (CVE-2020-14310)\n\n - GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be\n bypassed. This only affects systems where the kernel signing certificate has been imported directly into\n the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects\n GRUB2 version 2.04 and prior versions. (CVE-2020-15705)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5790.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14309\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10713\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('aarch64' >!< cpu) audit(AUDIT_ARCH_NOT, 'aarch64', cpu);\n\nvar pkgs = [\n {'reference':'grub2-2.02-0.81.0.4.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-0.81.0.4.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-0.81.0.4.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.81.0.4.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.81.0.4.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.81.0.4.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2 / grub2-efi-aa64 / grub2-efi-aa64-cdboot / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:07", "description": "The remote host is affected by the vulnerability described in GLSA-202104-05 (GRUB: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details.\n Impact :\n\n Please review the referenced CVE identifiers for details.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2021-05-03T00:00:00", "type": "nessus", "title": "GLSA-202104-05 : GRUB: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-14372", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2022-12-07T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:grub", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202104-05.NASL", "href": "https://www.tenable.com/plugins/nessus/149217", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202104-05.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149217);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\"CVE-2020-10713\", \"CVE-2020-14308\", \"CVE-2020-14309\", \"CVE-2020-14310\", \"CVE-2020-14311\", \"CVE-2020-14372\", \"CVE-2020-15705\", \"CVE-2020-15706\", \"CVE-2020-15707\", \"CVE-2020-25632\", \"CVE-2020-25647\", \"CVE-2020-27749\", \"CVE-2020-27779\", \"CVE-2021-20225\", \"CVE-2021-20233\");\n script_xref(name:\"GLSA\", value:\"202104-05\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0061\");\n\n script_name(english:\"GLSA-202104-05 : GRUB: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202104-05\n(GRUB: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in GRUB. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n Please review the referenced CVE identifiers for details.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://wiki.gentoo.org/wiki/GRUB2_Quick_Start\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202104-05\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All GRUB users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-devel/grub-2.06_rc1'\n After upgrading, make sure to run the grub-install command with options\n appropriate for your system. See the GRUB Quick Start guide in the\n references below for examples. Your system will be vulnerable until this\n action is performed.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:grub\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-devel/grub\", unaffected:make_list(\"ge 2.06_rc1\"), vulnerable:make_list(\"lt 2.06_rc1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GRUB\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2023-07-04T15:03:59", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4735-1 security@debian.org\nhttps://www.debian.org/security/ Yves-Alexis Perez\nJuly 29, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : grub2\nCVE ID : CVE-2020-10713 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310\n CVE-2020-14311 CVE-2020-15706 CVE-2020-15707\n\nSeveral vulnerabilities have been discovered in the GRUB2 bootloader.\n\nCVE-2020-10713\n\n A flaw in the grub.cfg parsing code was found allowing to break\n UEFI Secure Boot and load arbitrary code. Details can be found at\n https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/\n\nCVE-2020-14308\n\n It was discovered that grub_malloc does not validate the allocation\n size allowing for arithmetic overflow and subsequently a heap-based\n buffer overflow.\n\nCVE-2020-14309\n\n An integer overflow in grub_squash_read_symlink may lead to a heap-\n based buffer overflow.\n\nCVE-2020-14310\n\n An integer overflow in read_section_from_string may lead to a heap-\n based buffer overflow.\n\nCVE-2020-14311\n\n An integer overflow in grub_ext2_read_link may lead to a heap-based\n buffer overflow.\n\nCVE-2020-15706\n\n script: Avoid a use-after-free when redefining a function during\n execution.\n\nCVE-2020-15707\n\n An integer overflow flaw was found in the initrd size handling.\n\nFurther detailed information can be found at\nhttps://www.debian.org/security/2020-GRUB-UEFI-SecureBoot\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.02+dfsg1-20+deb10u1.\n\nWe recommend that you upgrade your grub2 packages.\n\nFor the detailed security status of grub2 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/grub2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-29T16:59:52", "type": "debian", "title": "[SECURITY] [DSA 4735-1] grub2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-07-29T16:59:52", "id": "DEBIAN:DSA-4735-1:A9183", "href": "https://lists.debian.org/debian-security-announce/2020/msg00141.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-06T19:35:18", "description": "An update that fixes 7 vulnerabilities is now available.\n\nDescription:\n\n This update for grub2 fixes the following issues:\n\n - Fix for CVE-2020-10713 (bsc#1168994)\n - Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311\n (bsc#1173812)\n - Fix for CVE-2020-15706 (bsc#1174463)\n - Fix for CVE-2020-15707 (bsc#1174570)\n\n - Use overflow checking primitives where the arithmetic expression for\n buffer\n - Use grub_calloc for overflow check and return NULL when it would occur\n\n This update was imported from the SUSE:SLE-15-SP2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-1169=1", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-08T00:00:00", "type": "suse", "title": "Security update for grub2 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-08-08T00:00:00", "id": "OPENSUSE-SU-2020:1169-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5QFTCOW4BTAH2DDIZ2VU3J4FEJWO4JOO/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T19:35:18", "description": "An update that fixes 7 vulnerabilities is now available.\n\nDescription:\n\n This update for grub2 fixes the following issues:\n\n - CVE-2020-10713 (bsc#1168994)\n - CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311\n (bsc#1173812)\n - CVE-2020-15706 (bsc#1174463)\n - CVE-2020-15707 (bsc#1174570)\n\n - Use overflow checking primitives where the arithmetic expression for\n buffer allocations may include unvalidated data\n - Use grub_calloc for overflow check and return NULL when it would occur\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-1168=1", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-08T00:00:00", "type": "suse", "title": "Security update for grub2 (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-08-08T00:00:00", "id": "OPENSUSE-SU-2020:1168-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YF63ZYYQU7ZYKF6P6J247AYPUGDO5WQT/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2023-05-31T17:28:34", "description": " * [CVE-2020-14308](<https://vulners.com/cve/CVE-2020-14308>)\n\nIn grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.\n\n * [CVE-2020-14309](<https://vulners.com/cve/CVE-2020-14309>)\n\nThere's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.\n\n * [CVE-2020-14310](<https://vulners.com/cve/CVE-2020-14310>)\n\nThere is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.\n\n * [CVE-2020-14311](<https://vulners.com/cve/CVE-2020-14311>)\n\nThere is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.\n\n * [CVE-2020-15705](<https://vulners.com/cve/CVE-2020-15705>)\n\nGRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.\n\n * [CVE-2020-15706](<https://vulners.com/cve/CVE-2020-15706>)\n\nGRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.\n\n * [CVE-2020-15707](<https://vulners.com/cve/CVE-2020-15707>)\n\nInteger overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-18T21:28:00", "type": "f5", "title": "Multiple grub2 vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2021-03-18T21:28:00", "id": "F5:K48187630", "href": "https://support.f5.com/csp/article/K48187630", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2023-06-06T15:26:39", "description": " The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices. ", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-27T01:05:37", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: grub2-2.02-110.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-09-27T01:05:37", "id": "FEDORA:1FF6B30C5606", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4QPZUIYZ4VFS4VAFSITTFBWG2DZW5TUI/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T15:26:39", "description": " The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices. ", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-09-14T13:26:52", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: grub2-2.04-22.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-09-14T13:26:52", "id": "FEDORA:574BC3099D0A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WPQH54SQQ5F654NLOQK55HG6HPNF7VZ4/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "photon": [{"lastseen": "2021-11-03T12:02:52", "description": "An update of {'grub2'} packages of Photon OS has been released. This updates fixes CVE-2020-10713 commonly known as BootHole.\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-07-30T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-2.0-0267", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-07-30T00:00:00", "id": "PHSA-2020-2.0-0267", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-267", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T08:48:32", "description": "An update of {'grub2'} packages of Photon OS has been released. This updates fixes CVE-2020-10713 commonly known as BootHole.\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-07-30T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-1.0-0311", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-07-30T00:00:00", "id": "PHSA-2020-1.0-0311", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-311", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T16:18:45", "description": "Updates of ['grub2'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-30T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0311", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-07-30T00:00:00", "id": "PHSA-2020-0311", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-311", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-30T15:47:27", "description": "Updates of ['grub2'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-30T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0267", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-07-30T00:00:00", "id": "PHSA-2020-0267", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-267", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-30T12:34:15", "description": "Updates of ['grub2', 'linux'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-30T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-3.0-0120", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707", "CVE-2020-15780"], "modified": "2020-07-30T00:00:00", "id": "PHSA-2020-3.0-0120", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-120", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:47:21", "description": "Updates of ['grub2', 'linux'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-23T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0120", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707", "CVE-2020-15780"], "modified": "2020-07-23T00:00:00", "id": "PHSA-2020-0120", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-120", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2023-08-04T12:27:59", "description": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nThe fwupdate packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)\n\n* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n* grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* grub2 should get resynced with 7.8 branch (BZ#1861858)", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-03T10:37:39", "type": "redhat", "title": "(RHSA-2020:3275) Moderate: grub2 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-08-03T10:54:39", "id": "RHSA-2020:3275", "href": "https://access.redhat.com/errata/RHSA-2020:3275", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:27:59", "description": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nThe fwupdate packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)\n\n* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n* grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* grub2 should get resynced with 7.8 branch (BZ#1861857)", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-03T10:36:06", "type": "redhat", "title": "(RHSA-2020:3271) Moderate: grub2 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-08-03T11:24:41", "id": "RHSA-2020:3271", "href": "https://access.redhat.com/errata/RHSA-2020:3271", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:27:59", "description": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nThe fwupd packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)\n\n* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n* grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-29T19:04:21", "type": "redhat", "title": "(RHSA-2020:3223) Moderate: grub2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-08-03T15:43:16", "id": "RHSA-2020:3223", "href": "https://access.redhat.com/errata/RHSA-2020:3223", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:27:59", "description": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nThe fwupdate packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)\n\n* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n* grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* grub2 should get resynced with 7.8 branch (BZ#1861855)", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-03T10:37:05", "type": "redhat", "title": "(RHSA-2020:3274) Moderate: grub2 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-08-03T11:26:54", "id": "RHSA-2020:3274", "href": "https://access.redhat.com/errata/RHSA-2020:3274", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:27:59", "description": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nThe fwupd packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)\n\n* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n* grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-29T19:56:15", "type": "redhat", "title": "(RHSA-2020:3227) Moderate: grub2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-08-03T15:42:14", "id": "RHSA-2020:3227", "href": "https://access.redhat.com/errata/RHSA-2020:3227", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:27:59", "description": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nThe fwupd packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)\n\n* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n* grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-29T17:13:43", "type": "redhat", "title": "(RHSA-2020:3216) Moderate: grub2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-08-03T15:43:36", "id": "RHSA-2020:3216", "href": "https://access.redhat.com/errata/RHSA-2020:3216", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:27:59", "description": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)\n\n* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n* grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* grub2 should get resynced with 7.8 branch (BZ#1861860)", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-03T11:17:09", "type": "redhat", "title": "(RHSA-2020:3276) Moderate: grub2 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-08-03T11:46:51", "id": "RHSA-2020:3276", "href": "https://access.redhat.com/errata/RHSA-2020:3276", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:27:59", "description": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nThe fwupdate packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)\n\n* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n* grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* grub2 doesn't handle relative paths correctly for UEFI HTTP Boot (BZ#1616395)\n\n* UEFI HTTP boot over IPv6 does not work (BZ#1732765)\n\nUsers of grub2 are advised to upgrade to these updated packages, which fix these bugs.", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-29T18:43:19", "type": "redhat", "title": "(RHSA-2020:3217) Moderate: grub2 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-08-03T15:43:13", "id": "RHSA-2020:3217", "href": "https://access.redhat.com/errata/RHSA-2020:3217", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "qualysblog": [{"lastseen": "2020-08-08T10:03:48", "description": "On July 29, 2020, [Eclypsium researchers](<https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>) disclosed a high-risk vulnerability in GRUB2 (GRand Unified Bootloader version 2) affecting billions of Linux and Windows systems, even when secure boot is enabled. CVE-2020-10713 is assigned to this buffer overflow vulnerability, termed as \u201cBoothole\u201d.\n\nSuccessful exploitation of the vulnerability requires high privileges or physical access to the device. According to [Eclypsium researchers](<https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>), "attackers exploiting this vulnerability can install persistent and stealthy bootkits or malicious bootloaders that could give them near-total control over the victim device." \n\nSecure Boot is designed to verify all the firmware of the computer is trusted. However, CVE-2020-10713 results in total pwn of secure boot in systems using GRUB. The bug resides in GRUB\u2019s inadequate error handling.\n\n##### **Additional Vulnerabilities in GRUB2**\n\nAfter the initial vulnerability report by the Eclypsium team, a number of additional vulnerabilities were discovered by the Canonical security team:\n\n * CVE-2020-14308: Heap-based buffer overflow in grub_malloc\n * CVE-2020-14309: Integer overflow in grub_squash_read_symlink can lead to heap-based overflow\n * CVE-2020-14310: Integer overflow read_section_from_string can lead to heap-based overflow\n * CVE-2020-14311: Integer overflow in grub_ext2_read_link can leads to heap-based buffer overflow\n * CVE-2020-15705: Failure to validate kernel signature when booted without shim\n * CVE-2020-15706: Use-after-free in grub_script_function_create\n * CVE-2020-15707: Integer overflow in initrd size handling\n\n##### **Affected Vendors**\n\nAll operating systems which use GRUB2 with Secure Boot are affected. As per [Eclypsium\u2019s report](<https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>), the following vendors are confirmed to be affected:\n\n * [Microsoft](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011>)\n * [UEFI Security Response Team (USRT)](<https://uefi.org/revocationlistfile>)\n * Oracle\n * [Red Hat (Fedora and RHEL)](<https://access.redhat.com/security/vulnerabilities/grub2bootloader>)\n * [Canonical (Ubuntu)](<https://ubuntu.com/blog/mitigating-boothole-theres-a-hole-in-the-boot-cve-2020-10713-and-related-vulnerabilities>)\n * [SuSE (SLES and openSUSE)](<https://www.suse.com/support/update/announcement/2020/suse-su-20202073-1/>)\n * [Debian](<https://lists.debian.org/debian-security-announce/2020/msg00144.html>)\n * Citrix\n * [VMware](<https://kb.vmware.com/s/article/80181>)\n * Various OEMs\n\n### Identification of Assets using Qualys VMDR\n\nThe first step in managing vulnerabilities and reducing risk is identification of assets. [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) enables easy identification of Windows and Linux systems\n\n_`operatingSystem.category1:`Windows` or operatingSystem.category1:`Linux``_\n\n\n\nOnce the hosts are identified, they can be grouped together with a \u2018dynamic tag\u2019, let\u2019s say \u2013 Boothole. This helps in automatically grouping existing hosts with Boothole as well as any new Windows or Linux host that spins up in your environment. Tagging makes these grouped assets available for querying, reporting and management throughout the [Qualys Cloud Platform](<https://www.qualys.com/cloud-platform/>). \n\n#### Discover Boothole CVE-2020-10713 Vulnerability \n\nNow that hosts with Boothole are identified, you want to detect which of these assets have flagged this vulnerability. VMDR automatically detects new vulnerabilities like Boothole based on the always updated Knowledgebase.\n\nYou can see all your impacted hosts for this vulnerability tagged with the \u2018Boothole\u2019 asset tag in the vulnerabilities view by using this QQL query:\n\n_`vulnerabilities.vulnerability.qid:[173771, 173770, 173769, 173768, 197967, 177969, 177966, 256935, 256934, 158696, 158695, 158694]`_\n\nThis will return a list of all impacted hosts.\n\n\n\nThese QIDs are included in signature version VULNSIGS-2.4.951-3 and above and can be detected using authenticated scanning or the [Qualys Cloud Agent](<https://www.qualys.com/cloud-agent/>).\n\nUsing VMDR, the Boothole vulnerability can be prioritized for the following real-time threat indicators (RTIs):\n\n * Denial of Service\n * High Data Loss\n * High Lateral Movement\n\n\nVMDR also enables you to stay on top of these threats proactively via the \u2018live feed\u2019 provided for threat prioritization. With \u2018live feed\u2019 updated for all emerging high and medium risks, you can clearly see the impacted hosts against threats. \n\n * \n\nSimply click on the impacted assets for the Boothole threat feed to see the vulnerability and impacted host details. \n\nWith VM Dashboard, you can track Boothole, impacted hosts, their status and overall management in real-time. With trending enabled for dashboard widgets, you can keep track of Boothole vulnerability trends in your environment using [GRUB2 Boothole Vulnerability Dashboard](<https://qualys-secure.force.com/discussions/s/article/000006384>).\n\n\n\n#### Response by Patching and Remediation \n\nVMDR rapidly remediates the Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select \u201ccve:`CVE-2020-10713`\u201d in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go for hosts grouped together by a tag \u2013 Boothole. \n\nFor proactive, continuous patching, you can create a job without a Patch Window to ensure all hosts will continue to receive the required patches as new patches become available for emerging vulnerabilities.\n\nUsers are encouraged to apply patches as soon as possible.\n\n##### Mitigation\n\nMicrosoft has published an [advisory](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011>) to address security feature bypass in GRUB.\n\nOther affected vendors provide updates for GRUB2.\n\n#### Unstable Linux Patches\n\nQualys also released a Notification over the weekend for customers : [Qualys Support Proactive Notification: Red Hat Update for BootHole Vulnerability Renders Systems Unbootable](<https://notifications.qualys.com/product/2020/08/01/qualys-support-proactive-notification-red-hat-update-for-boothole-vulnerability-renders-systems-unbootable>).\n\n### Get Started Now\n\nStart your [Qualys VMDR trial](<https://www.qualys.com/subscriptions/vmdr/>) for automatically identifying, detecting and patching the high-priority Boothole vulnerability CVE-2020-10713.\n\n##### **References**\n\n<https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>\n\n<https://github.com/eclypsium/BootHole>", "cvss3": {}, "published": "2020-08-03T21:35:38", "type": "qualysblog", "title": "GRUB2 Boothole Buffer Overflow Vulnerability (CVE-2020-10713) \u2013 Automatically Discover, Prioritize and Remediate Using Qualys VMDR\u00ae", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-08-03T21:35:38", "id": "QUALYSBLOG:4DA175A5FB10CC3E64B58AB0536688A4", "href": "https://blog.qualys.com/category/vulnerabilities-research", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-09-07T14:43:56", "description": "**CentOS Errata and Security Advisory** CESA-2020:3217\n\n\nThe grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nThe shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.\n\nThe fwupdate packages provide a service that allows session software to update device firmware.\n\nSecurity Fix(es):\n\n* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)\n\n* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)\n\n* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)\n\n* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)\n\n* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)\n\n* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)\n\n* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)\n\n* grub2: Integer overflow in initrd size handling (CVE-2020-15707)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* grub2 doesn't handle relative paths correctly for UEFI HTTP Boot (BZ#1616395)\n\n* UEFI HTTP boot over IPv6 does not work (BZ#1732765)\n\nUsers of grub2 are advised to upgrade to these updated packages, which fix these bugs.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2020-July/085905.html\nhttps://lists.centos.org/pipermail/centos-announce/2020-July/085907.html\nhttps://lists.centos.org/pipermail/centos-announce/2020-July/085908.html\n\n**Affected packages:**\ngrub2\ngrub2-common\ngrub2-efi-ia32\ngrub2-efi-ia32-cdboot\ngrub2-efi-ia32-modules\ngrub2-efi-x64\ngrub2-efi-x64-cdboot\ngrub2-efi-x64-modules\ngrub2-i386-modules\ngrub2-pc\ngrub2-pc-modules\ngrub2-tools\ngrub2-tools-extra\ngrub2-tools-minimal\nmokutil\nshim\nshim-ia32\nshim-signed\nshim-unsigned-ia32\nshim-unsigned-x64\nshim-x64\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2020:3217", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-30T00:08:50", "type": "centos", "title": "grub2, mokutil, shim security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-07-30T00:10:07", "id": "CESA-2020:3217", "href": "https://lists.centos.org/pipermail/centos-announce/2020-July/085905.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:57", "description": "[2.02-81.0.3]\n- Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311,\n CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072]\n- Update signing certificate for efi binaries", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-07-29T00:00:00", "type": "oraclelinux", "title": "grub2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-07-29T00:00:00", "id": "ELSA-2020-5782", "href": "http://linux.oracle.com/errata/ELSA-2020-5782.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:56", "description": "[2.02-81.0.4]\n- Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311,\n CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072]\n- Update signing certificate for efi binaries\n[2.02-0.81.0.2]\n- Enable common subpackage build for aarch64\n- Disable RHEL patch 0183-efinet-retransmit-if-our-device-is-busy.patch to comply with UEFI spec\n- increase timeout to 10ms in efinet.c, [Orabug: 27982684]\n[2.02-0.81.0.1]\n- Update upstream references [Orabug: 30138841]\n- build with the updated Oracle certificate\n- Restore symlink to grub environment file, that was removed during grub2-efi update\n if grub2 package is also installed on UEFI machines [Orabug: 27345750]\n- fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]\n- Pack files in efidir with disabled rpm verification [Orabug: 27166026]\n- Fix comparison in patch for [Orabug: 18504756]\n- Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]\n- replace dynamic EFI boot folder path generation with predefined 'redhat' (Alex Burmashev)\n- update Oracle Linux certificates (Alexey Petrenko)\n- Put 'with' in menuentry instead of 'using' [Orabug: 18504756]\n- Use different titles for UEK and RHCK kernels [Orabug: 18504756]\n- changed efidir with 0700 access rights, redhat chose another approach in rhbz#1496952, [Orabug: 28622344]\n- revert orabug [Orabug: 27166026] changes", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-07-29T00:00:00", "type": "oraclelinux", "title": "grub2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-07-29T00:00:00", "id": "ELSA-2020-5790", "href": "http://linux.oracle.com/errata/ELSA-2020-5790.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:40", "description": "[2.02-82.0.2.el8_2.1]\n- Fix CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311,\n CVE-2020-15705, CVE-2020-15706, CVE-2020-15707 [Orabug: 31225072]\n- Update signing certificate for efi binaries", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2020-07-29T00:00:00", "type": "oraclelinux", "title": "grub2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-07-29T00:00:00", "id": "ELSA-2020-5786", "href": "http://linux.oracle.com/errata/ELSA-2020-5786.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:29", "description": "[2.02-90.0.2.el8_3.1]\n- Fix various coverity issues [Orabug: 32530657]\n- Add SBAT metadata to grubx64.efi [Orabug: 32530657]\n- Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327]\n- Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072]\n- Update signing certificate for efi binaries\n- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]\n- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]\n- Update upstream references [Orabug: 26388226]\n- Copy symvers.gz to /boot during kernel install [Orabug: 29773086]\n- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]\n- fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]\n- Fix comparison in patch for 18504756\n- Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]\n- Put 'with' in menuentry instead of 'using' [Orabug: 18504756]\n- Use different titles for UEK and RHCK kernels [Orabug: 18504756]\n[2.02-90.el8_3.1]\n- Fix another batch of CVEs\n Resolves: CVE-2020-14372\n Resolves: CVE-2020-25632\n Resolves: CVE-2020-25647\n Resolves: CVE-2020-27749\n Resolves: CVE-2020-27779\n Resolves: CVE-2021-20225\n Resolves: CVE-2021-20233", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-03-05T00:00:00", "type": "oraclelinux", "title": "grub2 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14372", "CVE-2020-15706", "CVE-2020-15707", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-03-05T00:00:00", "id": "ELSA-2021-0696", "href": "http://linux.oracle.com/errata/ELSA-2021-0696.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-06-06T15:45:49", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * grub2 \\- GRand Unified Bootloader\n * grub2-signed \\- GRand Unified Bootloader\n\nJesse Michael and Mickey Shkatov discovered that the configuration parser \nin GRUB2 did not properly exit when errors were discovered, resulting in \nheap-based buffer overflows. A local attacker could use this to execute \narbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713)\n\nChris Coulson discovered that the GRUB2 function handling code did not \nproperly handle a function being redefined, leading to a use-after-free \nvulnerability. A local attacker could use this to execute arbitrary code \nand bypass UEFI Secure Boot restrictions. (CVE-2020-15706)\n\nChris Coulson discovered that multiple integer overflows existed in GRUB2 \nwhen handling certain filesystems or font files, leading to heap-based \nbuffer overflows. A local attacker could use these to execute arbitrary \ncode and bypass UEFI Secure Boot restrictions. (CVE-2020-14309, \nCVE-2020-14310, CVE-2020-14311)\n\nIt was discovered that the memory allocator for GRUB2 did not validate \nallocation size, resulting in multiple integer overflows and heap-based \nbuffer overflows when handling certain filesystems, PNG images or disk \nmetadata. A local attacker could use this to execute arbitrary code and \nbypass UEFI Secure Boot restrictions. (CVE-2020-14308)\n\nMathieu Trudel-Lapierre discovered that in certain situations, GRUB2 \nfailed to validate kernel signatures. A local attacker could use this \nto bypass Secure Boot restrictions. (CVE-2020-15705)\n\nColin Watson and Chris Coulson discovered that an integer overflow \nexisted in GRUB2 when handling the initrd command, leading to a heap-based \nbuffer overflow. A local attacker could use this to execute arbitrary code \nand bypass UEFI Secure Boot restrictions. (CVE-2020-15707)\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-29T00:00:00", "type": "ubuntu", "title": "GRUB 2 vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-07-29T00:00:00", "id": "USN-4432-1", "href": "https://ubuntu.com/security/notices/USN-4432-1", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-24T23:53:00", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * grub2 \\- GRand Unified Bootloader\n * grub2-signed \\- GRand Unified Bootloader\n\nUSN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot \nenvironments. Unfortunately, the update introduced regressions for \nsome BIOS systems (either pre-UEFI or UEFI configured in Legacy mode), \npreventing them from successfully booting. This update addresses \nthe issue.\n\nUsers with BIOS systems that installed GRUB2 versions from USN-4432-1 \nshould verify that their GRUB2 installation has a correct understanding \nof their boot device location and installed the boot loader correctly.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJesse Michael and Mickey Shkatov discovered that the configuration parser \nin GRUB2 did not properly exit when errors were discovered, resulting in \nheap-based buffer overflows. A local attacker could use this to execute \narbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713)\n\nChris Coulson discovered that the GRUB2 function handling code did not \nproperly handle a function being redefined, leading to a use-after-free \nvulnerability. A local attacker could use this to execute arbitrary code \nand bypass UEFI Secure Boot restrictions. (CVE-2020-15706)\n\nChris Coulson discovered that multiple integer overflows existed in GRUB2 \nwhen handling certain filesystems or font files, leading to heap-based \nbuffer overflows. A local attacker could use these to execute arbitrary \ncode and bypass UEFI Secure Boot restrictions. (CVE-2020-14309, \nCVE-2020-14310, CVE-2020-14311)\n\nIt was discovered that the memory allocator for GRUB2 did not validate \nallocation size, resulting in multiple integer overflows and heap-based \nbuffer overflows when handling certain filesystems, PNG images or disk \nmetadata. A local attacker could use this to execute arbitrary code and \nbypass UEFI Secure Boot restrictions. (CVE-2020-14308)\n\nMathieu Trudel-Lapierre discovered that in certain situations, GRUB2 \nfailed to validate kernel signatures. A local attacker could use this \nto bypass Secure Boot restrictions. (CVE-2020-15705)\n\nColin Watson and Chris Coulson discovered that an integer overflow \nexisted in GRUB2 when handling the initrd command, leading to a heap-based \nbuffer overflow. A local attacker could use this to execute arbitrary code \nand bypass UEFI Secure Boot restrictions. (CVE-2020-15707)\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-08-04T00:00:00", "type": "ubuntu", "title": "GRUB2 regression", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707"], "modified": "2020-08-04T00:00:00", "id": "USN-4432-2", "href": "https://ubuntu.com/security/notices/USN-4432-2", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-06-06T16:28:10", "description": "All CVEs below are against the SecureBoot functionality in GRUB2. We do not ship this as part of Mageia. Therefore, we ship an updated grub2 package to 2.06 for Mageia 8 fixing upstream bugfixes. A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-10713). In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process (CVE-2020-14308). There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data (CVE-2020-14309). There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow (CVE-2020-14310). There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow (CVE-2020-14311). A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability (CVE-2020-14372). GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions (CVE-2020-15705). GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions (CVE-2020-15706). Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions (CVE-2020-15707). A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2021-20225). A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actuall requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2021-20233). A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of SecureBoot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-25632). A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-25647). A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-27749). A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-27779). \n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-07-08T22:43:19", "type": "mageia", "title": "Updated grub2 packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-14372", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-07-08T22:43:19", "id": "MGASA-2021-0315", "href": "https://advisories.mageia.org/MGASA-2021-0315.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2023-06-06T15:24:42", "description": "### Background\n\nGNU GRUB is a multiboot boot loader used by most Linux systems.\n\n### Description\n\nMultiple vulnerabilities have been discovered in GRUB. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GRUB users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/grub-2.06_rc1\"\n \n\nAfter upgrading, make sure to run the grub-install command with options appropriate for your system. See the GRUB Quick Start guide in the references below for examples. Your system will be vulnerable until this action is performed.", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-04-30T00:00:00", "type": "gentoo", "title": "GRUB: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-14372", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-04-30T00:00:00", "id": "GLSA-202104-05", "href": "https://security.gentoo.org/glsa/202104-05", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-02-27T21:49:20", "description": "## Summary\n\nThe product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-11868](<https://vulners.com/cve/CVE-2020-11868>) \n** DESCRIPTION: **NTP is vulnerable to a denial of service, caused by a flaw in ntpd. By sending a server mode packet with a spoofed source IP address, a remote attacker could exploit this vulnerability to block unauthenticated synchronization resulting in a denial of service condition. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/180011](<https://exchange.xforce.ibmcloud.com/vulnerabilities/180011>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-13817](<https://vulners.com/cve/CVE-2020-13817>) \n** DESCRIPTION: **NTP is vulnerable to a denial of service, caused by an issue when relying on unauthenticated IPv4 time sources in ntpd. By predicting transmit timestamps for use in spoofed packets, a remote attacker could exploit this vulnerability to cause the daemon to crash or system time change. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183494](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183494>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2020-12049](<https://vulners.com/cve/CVE-2020-12049>) \n** DESCRIPTION: **D-Bus is vulnerable to a denial of service, caused by an error in _dbus_read_socket_with_unix_fds. By sending specially crafted messages, a local attacker could exploit this vulnerability to cause the system dbus-daemon (dbus-daemon --system) to leak file descriptors. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182955](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182955>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-8177](<https://vulners.com/cve/CVE-2020-8177>) \n** DESCRIPTION: **cURL could allow a remote attacker to overwrite arbitrary files on the system, caused by the improper handling of certain parameters when using -J (--remote-header-name) and -I (--include) in the same command line. An attacker could exploit this vulnerability to overwrite a local file. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183931](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183931>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-19527](<https://vulners.com/cve/CVE-2019-19527>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free condition in drivers/hid/usbhid/hiddev.c. By connecting a specially-crafted USB device, an attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172524](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172524>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-10757](<https://vulners.com/cve/CVE-2020-10757>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a flaw when mremap a mmaped DAX nvdimm to a mmaped anonymous memory region. By executing a specially-crafted program, a local attacker could exploit this vulnerability to cause corrupted page table resulting in a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182919](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182919>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-12653](<https://vulners.com/cve/CVE-2020-12653>) \n** DESCRIPTION: **Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by an incorrect memcpy and buffer overflow in the mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181449](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181449>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-12654](<https://vulners.com/cve/CVE-2020-12654>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c. By sending a specially-crafted request, a local attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/181450](<https://exchange.xforce.ibmcloud.com/vulnerabilities/181450>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10713](<https://vulners.com/cve/CVE-2020-10713>) \n** DESCRIPTION: **GNU GRUB2 could allow a local authenticated attacker to execute arbitrary code on the system. By injecting a malicious payload, an attacker could exploit this vulnerability to bypass Secure Boot protections and execute arbitrary code within GRUB. Note: This vulnerability is also known as BootHole. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14308](<https://vulners.com/cve/CVE-2020-14308>) \n** DESCRIPTION: **GNU GRUB2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the grub_malloc function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14309](<https://vulners.com/cve/CVE-2020-14309>) \n** DESCRIPTION: **GNU GRUB2 is vulnerable to a heap-based buffer overflow, caused by an integer overflow in grub_squash_read_symlink. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186058](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186058>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2020-14310](<https://vulners.com/cve/CVE-2020-14310>) \n** DESCRIPTION: **GNU GRUB2 is vulnerable to a heap-based buffer overflow, caused by an integer overflow in read_section_from_string. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186059](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186059>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2020-14311](<https://vulners.com/cve/CVE-2020-14311>) \n** DESCRIPTION: **GNU GRUB2 is vulnerable to a heap-based buffer overflow, caused by an integer overflow in grub_ext2_read_link. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186060](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186060>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H) \n \n** CVEID: **[CVE-2020-15705](<https://vulners.com/cve/CVE-2020-15705>) \n** DESCRIPTION: **GNU GRUB2 could allow a local authenticated attacker to bypass security restrictions, caused by improper validation of kernel signature when booted directly without shim. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass secure boot to perform arbitrary actions. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186061](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186061>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-15706](<https://vulners.com/cve/CVE-2020-15706>) \n** DESCRIPTION: **GNU GRUB2 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in the grub_script_function_create function when redefining a function during execution. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186062](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186062>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-15707](<https://vulners.com/cve/CVE-2020-15707>) \n** DESCRIPTION: **GNU GRUB2 is vulnerable to a heap-based buffer overflow, caused by an integer overflow in grub_cmd_initrd and grub_initrd_init. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition. \nCVSS Base score: 5.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186063](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186063>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 3\n\nIBM QRadar Network Packet Capture 7.4.0 - 7.4.1 GA\n\n \n\n\n## Remediation/Fixes\n\n[IBM QRadar Network Packet Capture 7.3.3 Patch 4](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=All&platform=All&function=fixId&fixids=7.3.3-QRadar-NETPCAP-Upgrade-13&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"IBM QRadar Network Packet Capture 7.3.3 Patch 4\" )\n\n[IBM QRadar Network Packet Capture 7.4.1 Patch 1](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+QRadar+Network+Packet+Capture+Appliance&release=All&platform=All&function=fixId&fixids=7.4.1-QRADAR-NETPCAPFULL-1110&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"IBM QRadar Network Packet Capture 7.4.1 Patch 1\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-10-30T16:18:45", "type": "ibm", "title": "Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to Using Components with Known Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19527", "CVE-2020-10713", "CVE-2020-10757", "CVE-2020-11868", "CVE-2020-12049", "CVE-2020-12653", "CVE-2020-12654", "CVE-2020-13817", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707", "CVE-2020-8177"], "modified": "2020-10-30T16:18:45", "id": "D860B85F49895E0D8CF0AC6A066F6902558B044E03F0320678E24399C41C6135", "href": "https://www.ibm.com/support/pages/node/6357567", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2023-06-14T15:27:25", "description": "# Executive Summary\n\nMicrosoft is aware of a vulnerability in the GRand Unified Boot Loader (GRUB), commonly used by Linux. This vulnerability, known as \u201cThere\u2019s a Hole in the Boot\u201d, could allow for Secure Boot bypass.\n\nTo exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA). The attacker could install an affected GRUB and run arbitrary boot code on the target device. After successfully exploiting this vulnerability, the attacker could disable further code integrity checks thereby allowing arbitrary executables and drivers to be loaded onto the target device.\n\nMicrosoft is working to complete validation and compatibility testing of a required Windows Update that addresses this vulnerability. If you are an IT professional and would like to immediately address this vulnerability, please see the mitigation option on installing an un-tested update. When the Windows updates become available, customers will be notified via revision to this advisory. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See [Microsoft Technical Security Notifications](<https://technet.microsoft.com/en-us/security/dd252948>) and [Coming Soon: New Security Update Guide Notification System](<https://msrc-blog.microsoft.com/2022/01/11/coming-soon-new-security-update-guide-notification-system/>).\n\nThis vulnerability is detectable via [TPM attestation](<https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/component-updates/tpm-key-attestation>) and [Defender ATP](<https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection>).\n\nCVEs released for this issue: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707.\n\n**Update: March 2, 2021**\n\nA new set of similar vulnerabilities has been discovered, documented under: CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-3418, CVE-2021-20225, CVE-2021-20233.\n\n**Update: August 9, 2022**\n\nMicrosoft has released standalone security update 5012170 to provide protection against the vulnerabilities described in this advisory. See the FAQ section and [KB5012170: Security update for Secure Boot DBX: August 9, 2022](<https://support.microsoft.com/help/5012170>) for more information about this update.\n\n## Background Information\n\nIn 2012, Microsoft introduced the Secure Boot feature into the then-new, UEFI-based PC ecosystem. UEFI Secure Boot is an anti-rootkit feature that defends the boot process from untrusted code execution. As part of enabling this feature, Microsoft signs boot code both for Windows and 3rd-parties including Linux distributions. This boot code allows Linux systems to take advantage of Secure Boot.\n\nThe GRUB vulnerability provides a way to bypass the UEFI Secure Boot security feature for any system that trusts the Microsoft 3rd-party UEFI signer, which includes many PCs.\n\n# Mitigations\n\nSee the **Mitigations** section following the **Exploitability** section.\n\n# Recommended Actions\n\nMicrosoft recommends that enterprise customers review this advisory in detail and register for the security notifications mailer to be alerted of content changes to this advisory. See [Microsoft Technical Security Notifications](<https://technet.microsoft.com/en-us/security/dd252948>).\n\n# References\n\n * [Microsoft guidance for applying Secure Boot DBX update](<https://support.microsoft.com/help/4575994>)\n * [How insights from system attestation can improve enterprise security](<https://techcommunity.microsoft.com/t5/microsoft-defender-atp/how-insights-from-system-attestation-and-advanced-hunting-can/ba-p/969252>)\n * Blog: [There's a Hole in the Boot](<https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>)\n * UEFI Forum: <https://uefi.org/revocationlistfile> (Applies to CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707).\n * Canonical: <https://ubuntu.com/security/notices/USN-4432-1>\n * Debian: <https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot>\n * HPE: [www.hpe.com/info/security-alerts](<www.hpe.com/info/security-alerts>)\n * Red Hat: <https://access.redhat.com/security/vulnerabilities/grub2bootloader>\n * SUSE: <https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/>\n * VMware: <https://kb.vmware.com/s/article/80181>\n * [CVE-2020-10713](<https://vulners.com/cve/CVE-2020-10713>)\n * [CVE-2020-14308](<https://vulners.com/cve/CVE-2020-14308>)\n * [CVE-2020-14309](<https://vulners.com/cve/CVE-2020-14309>)\n * [CVE-2020-14310](<https://vulners.com/cve/CVE-2020-14310>)\n * [CVE-2020-14311](<https://vulners.com/cve/CVE-2020-14311>)\n * [CVE-2020-15705](<https://vulners.com/cve/CVE-2020-15705>)\n * [CVE-2020-15706](<https://vulners.com/cve/CVE-2020-15706>)\n * [CVE-2020-15707](<https://vulners.com/cve/CVE-2020-15707>)\n\nCVEs published March 2, 2021:\n\n * [CVE-2020-14372](<https://vulners.com/cve/CVE-2020-14372>)\n * [CVE-2020-25632](<https://vulners.com/cve/CVE-2020-25632>)\n * [CVE-2020-25647](<https://vulners.com/cve/CVE-2020-25647>)\n * [CVE-2020-27749](<https://vulners.com/cve/CVE-2020-27749>)\n * [CVE-2020-27779](<https://vulners.com/cve/CVE-2020-27779>)\n * [CVE-2021-3418](<https://vulners.com/cve/CVE-2021-3418>)\n * [CVE-2021-20225](<https://vulners.com/cve/CVE-2021-20225>)\n * [CVE-2021-20233](<https://vulners.com/cve/CVE-2021-20233>)\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-29T07:00:00", "type": "mscve", "title": "Microsoft Guidance for Addressing Security Feature Bypass in GRUB", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-14372", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233", "CVE-2021-3418"], "modified": "2023-01-10T08:00:00", "id": "MS:ADV200011", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV200011", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "hp": [{"lastseen": "2023-06-06T15:38:30", "description": "## Potential Security Impact\nArbitrary Code Execution \n\n**Source:** HP, HP Product Security Response Team (PSRT) \n\n**Reported By:** Eclypsium, Inc. \n\n## VULNERABILITY SUMMARY\nHP has been informed of a potential security vulnerability in GRUB2 bootloaders commonly used by Linux. This vulnerability, known as \u201cThere\u2019s a Hole in the Boot\u201d (also nicknamed \u201cBootHole\u201d), could allow bypass of UEFI Secure Boot and allow arbitrary code execution.\n\nAdditional GRUB2 vulnerabilities found in response to the initial report were included in the coordinated public disclosure.\n\nMore information on the vulnerabilities can be found in the Eclypsium blog: <https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/>[__](<https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/> \"External site.\" ) (in English). \n\n> note:\n> \n> The computers running Windows are vulnerable as long as they allow booting the vulnerable versions of GRUB2.\n\nOn March 2, 2021, additional GRUB2 vulnerabilities were disclosed. Information on these vulnerabilities are available in the advisories from OS vendors below.\n\n## RESOLUTION\nHP PCs will require an update to the Secure Boot Forbidden Signature Database (dbx) with the latest UEFI Revocation List File to prevent loading affected bootloaders and shims identified in the revocation list. HP has identified the affected platforms in the list below.\n\nFor Windows users, HP will use the industry-wide solution that will be released from Microsoft as detailed in Microsoft Guidance for Addressing Security Feature Bypass in GRUB (see above for the link to Security Advisory ADV200011).\n\nFor Linux users, distribution vendors will provide mitigated shims and GRUB2 bootloaders, as well as tools to update the dbx. Customers who install Linux on their platforms should check with their OS vendor on updates (see the links above).\n\nAdditional mitigation strategy:\n\nFor certain HP business platforms, customers can disable the MS UEFI CA Key in HP Computer Setup. Disabling the MS UEFI CA key will prevent loading of 3rd party devices signed by the key. Before applying any changes to this setting, be sure to have your BitLocker Recovery Key available and suspend BitLocker.\n", "cvss3": {}, "published": "2020-07-25T00:00:00", "type": "hp", "title": "HPSBHF03678 rev. 2 - GRUB2 Bootloader Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-14372", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233", "CVE-2021-3418"], "modified": "2021-06-24T00:00:00", "id": "HP:C06707446", "href": "https://support.hp.com/us-en/document/c06707446", "cvss": {"score": "8.2", "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/"}}], "redos": [{"lastseen": "2023-09-09T12:19:56", "description": "The vulnerability of the Linux kernel during direct boot in Secure Boot mode without shim is due to the fact that\r\n vulnerable software cannot verify the kernel signature when booting directly without shim.\r\n Exploitation of the vulnerability could allow an attacker to bypass Secure Boot\n\nVulnerability in grub_cmd_initrd and grub_initrd_init functions of the Grub configuration file is related to the large\r\n number of file system arguments to the initrd command on 32-bit architectures. Exploitation of the\r\n of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and\r\n and cause a denial of service\n\nGrub configuration file vulnerability with data buffer overrun.\r\n Exploitation of the vulnerability can be accessed by an attacker to gain access to sensitive data,\r\n violating their vulnerability also maintains a denial of storage\n\nVulnerability in the configuration file grub.cfg of the Grub2 operating system loader is related to errors in the\r\n neutralization of special elements. Exploitation of the vulnerability could allow an attacker to access\r\n to confidential data, compromise its integrity, and cause a denial of service\n\nVulnerability of the read_section_as_string() function of the Grub configuration file is related to the operation exceeding the\r\n permissible data buffer boundaries, because the maximum length of UINT32_MAX is 1 in bytes. Exploitation\r\n of the vulnerability allows an attacker to violate data integrity and also cause a denial of service\n\nVulnerability of Grub configuration file with lack of data validation from USB device. Exploitation\r\n of the vulnerability can be accessed by an attacker to gain access to sensitive data, breaching their\r\n vulnerability, a denial of storage also persists\n\nVulnerability in the rmmod implementation of the Grub configuration file is related to the lack of validation of the\r\n of loaded modules. Exploitation of the vulnerability could allow an attacker to gain access to the\r\n sensitive data, compromise its integrity, and cause a denial of service\n\nVulnerability of Grub configuration file functions with lack of output data validation when calling a\r\n function. Exploitation of the vulnerability can be accessed by an attacker to gain access to\r\n sensitive data, violating its vulnerability, also persists denial of storage\n\nVulnerability of Setparam_prefix() functions of Grub configuration file with incorrect error calculation of the\r\n of output data. Exploitation of the vulnerability can be accessed by an attacker to gain access to\r\n sensitive data, violating their vulnerability also retains a storage failure\n\nGrub configuration file vulnerability is related to incorrect restriction of ACPI commands usage\r\n when Secure Boot is enabled. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data and compromise its integrity.\r\n confidential data, compromise its integrity, and cause denial of service\n\nGRUB boot loader vulnerability is related to the fact that if certificates signed by GRUB2 are installed in db,\r\n GRUB2 can be loaded directly and then any kernel can be loaded without signature verification.\r\n Exploiting the vulnerability could allow an attacker to boot a kernel in safe boot mode, and\r\n perform a lockdown, even though it may have been modified.\n\nVulnerability of cutmem command of Grub configuration file with authorization. Exploitation of the\r\n of the vulnerability can be accessed by an attacker to gain access to sensitive data, violating their\r\n vulnerability, a storage denial is also maintained\n\nVulnerability of grub_script_function_create() function of Grub configuration file is related to the error of\r\n function override while this function is already executed. Exploitation of the vulnerability\r\n allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service.\r\n denial of service\n\nA vulnerability in the Grub configuration file is related to an integer overflow of the UINT32 value.\r\n Exploitation of the vulnerability allows an attacker to access sensitive data, compromise its integrity, and cause a denial of service.\r\n integrity, as well as cause a denial of service\n\nVulnerability in the implementation of the dynamic memory allocation function of the Grub2 operating system boot loader\r\n is related to integer overflow. Exploitation of the vulnerability could allow an attacker to cause\r\n affect the integrity, confidentiality and availability of information\n\nA vulnerability in the Grub configuration file is related to a bug in the handling of symlinks on external file systems\r\n file systems. Exploitation of the vulnerability could allow an attacker to compromise the integrity of data, as well as cause a\r\n denial of service", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-09-20T00:00:00", "type": "redos", "title": "ROS-20220920-01", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-14372", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233", "CVE-2021-3418"], "modified": "2022-09-20T00:00:00", "id": "ROS-20220920-01", "href": "https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-grub-/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ics": [{"lastseen": "2023-09-09T22:51:12", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 8.2**\n * **ATTENTION: **Low attack complexity\n * **Vendor:** Hitachi Energy\n * **Equipment: **Transformer Asset Performance Management (APM) Edge\n * **Vulnerability:** Reliance on Uncontrolled Component\n\n## 2\\. UPDATE OR REPOSTED INFORMATION\n\nThis updated advisory is a follow-up to the original advisory titled \u201cICSA-21-336-06 Hitachi Energy APM Edge\u201d that was published December 02, 2021, on the ICS webpage on cisa.gov/ics.\n\n## 3\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause the product to become inaccessible.\n\n## 4\\. TECHNICAL DETAILS\n\n### 4.1 AFFECTED PRODUCTS\n\nHitachi Energy reports this vulnerability affects the following APM product versions:\n\n * APM Edge Version 1.0\n * APM Edge Version 2.0\n * APM Edge Version 3.0\n\n### 4.2 VULNERABILITY OVERVIEW\n\n**\\--------- Begin Update A part 1 of 2 ---------**\n\n#### 4.2.1 **[RELIANCE ON UNCONTROLLED COMPONENT CWE-1357](<https://cwe.mitre.org/data/definitions/1357.html>)**\n\n**\\--------- End Update A part 1 of 2 ---------**\n\nHitachi Energy is aware of public reports of this vulnerability in the following open-source software components: OpenSSL, LibSSL, libxml2 and GRUB2 bootloader. The vulnerability also affects some APM Edge products. An attacker who successfully exploits this vulnerability could cause the product to become inaccessible. \n \n[CVE-2021-3449](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3449>), [CVE-2020-1971](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1971>), [CVE-2019-1563](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1563>), [CVE-2019-1549](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1549>), [CVE-2019-1547](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1547>), [CVE-2021-23840](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23840>), [CVE-2021-23841](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23841>), [CVE-2017-8872](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8872>), [CVE-2019-20388](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20388>), [CVE-2020-24977](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24977>), [CVE-2021-3516](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3516>), [CVE-2021-3517](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3517>), [CVE-2021-3518](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3518>), [CVE-2021-3537](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3537>), [CVE-2021-3541](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3541>), [CVE-2020-10713](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10713>), [CVE-2020-14308](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14308>), [CVE-2020-14309](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14309>), [CVE-2020-14310](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14310>), [CVE-2020-14311](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14311>), [CVE-2020-15705](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705>), [CVE-2020-15706](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15706>), [CVE-2020-15707](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15707>), [CVE-2020-14372](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14372>), [CVE-2020-25632](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25632>), [CVE-2020-27749](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27749>), [CVE-2020-27779](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27779>), [CVE-2021-20225](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20225>), and [CVE-2021-20233](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20233>) have been assigned to the vulnerability in these components. \nA CVSS v3 base score of 8.2 has been calculated for the worst case; the CVSS vector string is ([AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H>)).\n\n### 4.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Energy\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Switzerland\n\n### 4.4 RESEARCHER\n\nHitachi Energy reported to CISA that Transformer APM Edge contains open-source components with these known vulnerabilities.\n\n## 5\\. MITIGATIONS\n\nHitachi Energy recommends users update to Transformer APM Edge v4.0. This version updates the software components to remediate this vulnerability.\n\nHitachi Energy recommends the following security practices and firewall configurations to help protect process control networks from attacks that originate from outside the network:\n\n * Physically protect process control systems from direct access by unauthorized personnel. \n * Do not directly connect to the Internet.\n * Separated from other networks by means of a firewall system that has a minimal number of ports exposed.\n * Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails.\n * Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.\n\nPlease see Hitachi Energy advisory [8DBD000057](<https://search.abb.com/library/Download.aspx?DocumentID=8DBD000057&LanguageCode=en&DocumentPartId=&Action=Launch>) for additional mitigation and update information.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nCISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.cisa.gov](<https://us-cert.cisa.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-18T12:00:00", "type": "ics", "title": "Hitachi Energy APM Edge (Update A)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-8872", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1563", "CVE-2019-20388", "CVE-2020-10713", "CVE-2020-14308", "CVE-2020-14309", "CVE-2020-14310", "CVE-2020-14311", "CVE-2020-14372", "CVE-2020-15705", "CVE-2020-15706", "CVE-2020-15707", "CVE-2020-1971", "CVE-2020-24977", "CVE-2020-25632", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-3449", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3537", "CVE-2021-3541"], "modified": "2022-10-18T12:00:00", "id": "ICSA-21-336-06", "href": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-336-06", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
CVE-2020-15707
