A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
{"id": "CVE-2020-25632", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-25632", "description": "A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "published": "2021-03-03T17:15:00", "modified": "2023-11-07T03:20:00", "epss": [{"cve": "CVE-2020-25632", "epss": 0.00042, "percentile": 0.05731, "modified": "2023-12-02"}], "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2}, "severity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.5, "impactScore": 6.0}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25632", "reporter": "secalert@redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1879577", "https://security.gentoo.org/glsa/202104-05", "https://security.netapp.com/advisory/ntap-20220325-0001/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/"], "cvelist": ["CVE-2020-25632"], "immutableFields": [], "lastseen": "2023-12-02T15:58:15", "viewCount": 216, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:0696", "ALSA-2021:1734", "ALSA-2021:2566"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2020-25632"]}, {"type": "amazon", "idList": ["ALAS2-2021-1684"]}, {"type": "archlinux", "idList": ["ASA-202106-43"]}, {"type": "cbl_mariner", "idList": ["CBLMARINER:3931", "CBLMARINER:6461"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4867-1:7DFCD", "DEBIAN:DSA-4867-1:C31EC"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-25632"]}, {"type": "fedora", "idList": ["FEDORA:0311A304C5D2", "FEDORA:2C805304C743", "FEDORA:482AD312AD6B", "FEDORA:5DC52306C90A", "FEDORA:D12B9304C743", "FEDORA:E96CA304C35D"]}, {"type": "gentoo", "idList": ["GLSA-202104-05"]}, {"type": "hp", "idList": ["HP:C06707446", "HPSBHF03799"]}, {"type": "ibm", "idList": ["B80D2752DA6D220C15B399D294DC83B951CF616E39EF752AB12C0553D569D418"]}, {"type": "ics", "idList": ["ICSA-21-336-06"]}, {"type": "mageia", "idList": ["MGASA-2021-0315"]}, {"type": "mscve", "idList": ["MS:ADV200011"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1684.NASL", "ALMA_LINUX_ALSA-2021-0696.NASL", "ALMA_LINUX_ALSA-2021-1734.NASL", "ALMA_LINUX_ALSA-2021-2566.NASL", "CENTOS8_RHSA-2021-0696.NASL", "CENTOS8_RHSA-2021-2566.NASL", "DEBIAN_DSA-4867.NASL", "EULEROS_SA-2021-1714.NASL", "EULEROS_SA-2021-1741.NASL", "EULEROS_SA-2021-1794.NASL", "EULEROS_SA-2021-1875.NASL", "EULEROS_SA-2021-1900.NASL", "EULEROS_SA-2021-1927.NASL", "EULEROS_SA-2021-1948.NASL", "EULEROS_SA-2021-2001.NASL", "EULEROS_SA-2021-2027.NASL", "EULEROS_SA-2021-2082.NASL", "EULEROS_SA-2021-2126.NASL", "EULEROS_SA-2021-2376.NASL", "EULEROS_SA-2021-2868.NASL", "GENTOO_GLSA-202104-05.NASL", "NEWSTART_CGSL_NS-SA-2021-0097_GRUB2.NASL", "NEWSTART_CGSL_NS-SA-2021-0133_GRUB2.NASL", "NEWSTART_CGSL_NS-SA-2021-0182_GRUB2.NASL", "OPENSUSE-2021-462.NASL", "ORACLELINUX_ELSA-2021-0696.NASL", "ORACLELINUX_ELSA-2021-0699.NASL", "ORACLELINUX_ELSA-2021-9076.NASL", "ORACLELINUX_ELSA-2021-9077.NASL", "PHOTONOS_PHSA-2021-1_0-0376_GRUB2.NASL", "PHOTONOS_PHSA-2021-2_0-0334_GRUB2.NASL", "PHOTONOS_PHSA-2021-3_0-0202_GRUB2.NASL", "PHOTONOS_PHSA-2021-4_0-0001_GRUB2.NASL", "REDHAT-RHSA-2021-0696.NASL", "REDHAT-RHSA-2021-0697.NASL", "REDHAT-RHSA-2021-0698.NASL", "REDHAT-RHSA-2021-0699.NASL", "REDHAT-RHSA-2021-0700.NASL", "REDHAT-RHSA-2021-0701.NASL", "REDHAT-RHSA-2021-0702.NASL", "REDHAT-RHSA-2021-0703.NASL", "REDHAT-RHSA-2021-0704.NASL", "REDHAT-RHSA-2021-1734.NASL", "REDHAT-RHSA-2021-2566.NASL", "REDHAT-RHSA-2021-2790.NASL", "REDHAT-RHSA-2021-3675.NASL", "ROCKY_LINUX_RLSA-2021-1734.NASL", "ROCKY_LINUX_RLSA-2021-2566.NASL", "SL_20210303_GRUB2_ON_SL7_X.NASL", "SUSE_SU-2021-0679-1.NASL", "SUSE_SU-2021-0681-1.NASL", "SUSE_SU-2021-0682-1.NASL", "SUSE_SU-2021-0683-1.NASL", "SUSE_SU-2021-0684-1.NASL", "SUSE_SU-2021-0685-1.NASL", "SUSE_SU-2021-14659-1.NASL", "UBUNTU_USN-4992-1.NASL", "WINDOWS_UEFI_BOOTHOLE.NBIN"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-0696", "ELSA-2021-0699", "ELSA-2021-9076", "ELSA-2021-9077"]}, {"type": "osv", "idList": ["OSV:CVE-2020-25632", "OSV:DSA-4867-1"]}, {"type": "photon", "idList": ["PHSA-2021-0001", "PHSA-2021-0202", "PHSA-2021-0334", "PHSA-2021-0376", "PHSA-2021-1.0-0376", "PHSA-2021-2.0-0334", "PHSA-2021-3.0-0202", "PHSA-2021-4.0-0001"]}, {"type": "prion", "idList": ["PRION:CVE-2020-25632"]}, {"type": "redhat", "idList": ["RHSA-2021:0696", "RHSA-2021:0697", "RHSA-2021:0698", "RHSA-2021:0699", "RHSA-2021:0700", "RHSA-2021:0701", "RHSA-2021:0702", "RHSA-2021:0703", "RHSA-2021:0704", "RHSA-2021:0980", "RHSA-2021:1734", "RHSA-2021:2566", "RHSA-2021:2790", "RHSA-2021:3675"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-14372", "RH:CVE-2020-25632"]}, {"type": "redos", "idList": ["ROS-20220920-01"]}, {"type": "rocky", "idList": ["RLSA-2021:1734", "RLSA-2021:2566"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2021-1849"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0462-1"]}, {"type": "ubuntu", "idList": ["USN-4992-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-25632"]}, {"type": "veracode", "idList": ["VERACODE:29555"]}]}, "score": {"value": 8.2, "uncertanity": 0.1, "vector": "NONE"}, "twitter": {"counter": 9, "tweets": [{"link": "https://twitter.com/GrupoICA_Ciber/status/1369934875810222080", "text": "REDHAT\nM\u00faltiples vulnerabilidades de severidad alta en productos REDHAT: \n\nCVE-2021-20233,CVE-2020-25632,CVE-2021-3404,CVE-2021-3403,CVE-2020-25647\n\nM\u00e1s info en: https://t.co/sk4j9cYLBj?amp=1\n/hashtag/ciberseguridad?src=hashtag_click /hashtag/grupoica?src=hashtag_click /hashtag/redhat?src=hashtag_click"}, {"link": "https://twitter.com/www_sesin_at/status/1370199318091722756", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2020-25632 (enterprise_linux, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, fedora, grub2)) has been published on https://t.co/7Wh0J56wEK?amp=1"}, {"link": "https://twitter.com/GrupoICA_Ciber/status/1385865482490765316", "text": "REDHAT\nM\u00faltiples vulnerabilidades de severidad alta en productos REDHAT: \n\nCVE-2021-20233,CVE-2021-20232,CVE-2021-20231,CVE-2020-27779,CVE-2020-25632,CVE-2020-14372,CVE-2020-25647\n\nM\u00e1s info en: https://t.co/aMjzuwmvFF?amp=1\n/hashtag/ciberseguridad?src=hashtag_click /hashtag/grupoica?src=hashtag_click /hashtag/redhat?src=hashtag_click"}, {"link": "https://twitter.com/WolfgangSesin/status/1370199300102356994", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2020-25632 (enterprise_linux, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, fedora, grub2)) has been published on https://t.co/caDgElImJi?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1369749778779803659", "text": " NEW: CVE-2020-25632 A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still lo... (click for more) Severity: HIGH https://t.co/FQSbnWSui5?amp=1"}, {"link": "https://twitter.com/VulmonFeeds/status/1404575173718728704", "text": "CVE-2020-25632\n\nA flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded lea...\n\nhttps://t.co/QtLnl3Yy7R?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1525269823873335297", "text": "New post from https://t.co/9KYxtdZjkl (CVE-2020-25632 (enterprise_linux, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, fedora, grub2, ...) has been published on https://t.co/PbSs5oOJA6", "author": "www_sesin_at", "author_photo": "https://pbs.twimg.com/profile_images/958100963822329858/fb_N8h5n_400x400.jpg"}, {"link": "https://twitter.com/WolfgangSesin/status/1525269822623436801", "text": "New post from https://t.co/uXvPWJy6tj (CVE-2020-25632 (enterprise_linux, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, fedora, grub2, ...) has been published on https://t.co/pD2pA2r0q7", "author": "WolfgangSesin", "author_photo": "https://pbs.twimg.com/profile_images/957011635369054208/Om3jbj7z_400x400.jpg"}]}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:0696", "ALSA-2021:1734", "ALSA-2021:2566"]}, {"type": "amazon", "idList": ["ALAS2-2021-1684"]}, {"type": "archlinux", "idList": ["ASA-202106-43"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4867-1:C31EC"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-25632"]}, {"type": "fedora", "idList": ["FEDORA:0311A304C5D2", "FEDORA:2C805304C743", "FEDORA:482AD312AD6B", "FEDORA:5DC52306C90A", "FEDORA:D12B9304C743", "FEDORA:E96CA304C35D"]}, {"type": "gentoo", "idList": ["GLSA-202104-05"]}, {"type": "hp", "idList": ["HP:C06707446"]}, {"type": "ibm", "idList": ["B80D2752DA6D220C15B399D294DC83B951CF616E39EF752AB12C0553D569D418"]}, {"type": "mscve", "idList": ["MS:ADV200011"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1684.NASL", "CENTOS8_RHSA-2021-0696.NASL", "DEBIAN_DSA-4867.NASL", "EULEROS_SA-2021-1714.NASL", "EULEROS_SA-2021-1741.NASL", "EULEROS_SA-2021-1794.NASL", "EULEROS_SA-2021-1927.NASL", "EULEROS_SA-2021-1948.NASL", "EULEROS_SA-2021-2126.NASL", "GENTOO_GLSA-202104-05.NASL", "ORACLELINUX_ELSA-2021-9076.NASL", "ORACLELINUX_ELSA-2021-9077.NASL", "PHOTONOS_PHSA-2021-1_0-0376_GRUB2.NASL", "PHOTONOS_PHSA-2021-2_0-0334_GRUB2.NASL", "PHOTONOS_PHSA-2021-3_0-0202_GRUB2.NASL", "REDHAT-RHSA-2021-0696.NASL", "REDHAT-RHSA-2021-0697.NASL", "REDHAT-RHSA-2021-0698.NASL", "REDHAT-RHSA-2021-0699.NASL", "REDHAT-RHSA-2021-0700.NASL", "REDHAT-RHSA-2021-0701.NASL", "REDHAT-RHSA-2021-0702.NASL", "REDHAT-RHSA-2021-0703.NASL", "REDHAT-RHSA-2021-0704.NASL", "REDHAT-RHSA-2021-2790.NASL", "REDHAT-RHSA-2021-3675.NASL", "SUSE_SU-2021-0679-1.NASL", "SUSE_SU-2021-0681-1.NASL", "SUSE_SU-2021-0682-1.NASL", "SUSE_SU-2021-0683-1.NASL", "SUSE_SU-2021-0684-1.NASL", "SUSE_SU-2021-0685-1.NASL", "SUSE_SU-2021-14659-1.NASL", "UBUNTU_USN-4992-1.NASL", "WINDOWS_UEFI_BOOTHOLE.NBIN"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-0699", "ELSA-2021-9076", "ELSA-2021-9077"]}, {"type": "photon", "idList": ["PHSA-2021-1.0-0376", "PHSA-2021-2.0-0334", "PHSA-2021-3.0-0202", "PHSA-2021-4.0-0001"]}, {"type": "redhat", "idList": ["RHSA-2021:3675"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-14372", "RH:CVE-2020-25632"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0462-1"]}, {"type": "ubuntu", "idList": ["USN-4992-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-25632"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-25632", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}], "short_description": "Flaw in grub2 allows arbitrary code execution, bypass Secure Boo", "tags": ["grub2", "vulnerability", "arbitrary code execution", "secure boot", "cve-2020-25632", "nvd"], "vulnersScore": 8.2}, "_state": {"dependencies": 1701536082, "score": 1701533623, "twitter": 0, "affected_software_major_version": 0, "epss": 0, "chatgpt": 0}, "_internal": {"score_hash": "5dd7dac105cc4e5dd082e3114e3e2259", "chatgpt": "bcd8b0c2eb1fce714eab6cef0d771acc"}, "cna_cvss": {"cna": "redhat", "cvss": {}}, "cpe": ["cpe:/a:netapp:ontap_select_deploy_administration_utility:-", "cpe:/o:redhat:enterprise_linux_server_eus:8.1", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.7", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.7", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server_aus:8.2", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:7.7", "cpe:/o:redhat:enterprise_linux_server_tus:7.4", "cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:fedoraproject:fedora:34", "cpe:/o:redhat:enterprise_linux_server_tus:8.2"], "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:8.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"], "cwe": ["CWE-416"], "affectedSoftware": [{"cpeName": "gnu:grub2", "version": "2.06", "operator": "lt", "name": "gnu grub2"}, {"cpeName": "redhat:enterprise_linux_server_aus", "version": "7.2", "operator": "eq", "name": "redhat enterprise linux server aus"}, {"cpeName": "redhat:enterprise_linux_workstation", "version": "7.0", "operator": "eq", "name": "redhat enterprise linux workstation"}, {"cpeName": "redhat:enterprise_linux", "version": "7.0", "operator": "eq", "name": "redhat enterprise linux"}, {"cpeName": "redhat:enterprise_linux_server_aus", "version": "7.3", "operator": "eq", "name": "redhat enterprise linux server aus"}, {"cpeName": "redhat:enterprise_linux_server_aus", "version": "7.4", "operator": "eq", "name": "redhat enterprise linux server aus"}, {"cpeName": "redhat:enterprise_linux_server_tus", "version": "7.4", "operator": "eq", "name": "redhat enterprise linux server tus"}, {"cpeName": "redhat:enterprise_linux_server_tus", "version": "7.6", "operator": "eq", "name": "redhat enterprise linux server tus"}, {"cpeName": "redhat:enterprise_linux_server_eus", "version": "7.6", "operator": "eq", "name": "redhat enterprise linux server eus"}, {"cpeName": "redhat:enterprise_linux_server_aus", "version": "7.6", "operator": "eq", "name": "redhat enterprise linux server aus"}, {"cpeName": "redhat:enterprise_linux", "version": "8.0", "operator": "eq", "name": "redhat enterprise linux"}, {"cpeName": "redhat:enterprise_linux_server_eus", "version": "7.7", "operator": "eq", "name": "redhat enterprise linux server eus"}, {"cpeName": "redhat:enterprise_linux_server_aus", "version": "7.7", "operator": "eq", "name": "redhat enterprise linux server aus"}, {"cpeName": "redhat:enterprise_linux_server_tus", "version": "7.7", "operator": "eq", "name": "redhat enterprise linux server tus"}, {"cpeName": "redhat:enterprise_linux_server_eus", "version": "8.1", "operator": "eq", "name": "redhat enterprise linux server eus"}, {"cpeName": "redhat:enterprise_linux_server_tus", "version": "8.2", "operator": "eq", "name": "redhat enterprise linux server tus"}, {"cpeName": "redhat:enterprise_linux_server_aus", "version": "8.2", "operator": "eq", "name": "redhat enterprise linux server aus"}, {"cpeName": "fedoraproject:fedora", "version": "33", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "fedoraproject:fedora", "version": "34", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "netapp:ontap_select_deploy_administration_utility", "version": "-", "operator": "eq", "name": "netapp ontap select deploy administration utility"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:gnu:grub2:2.06:*:*:*:*:*:*:*", "versionEndExcluding": "2.06", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:8.1:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879577", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879577", "refsource": "MISC", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"]}, {"url": "https://security.gentoo.org/glsa/202104-05", "name": "GLSA-202104-05", "refsource": "GENTOO", "tags": ["Third Party Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20220325-0001/", "name": "https://security.netapp.com/advisory/ntap-20220325-0001/", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/", "name": "FEDORA-2021-cab258a413", "refsource": "", "tags": []}], "product_info": [{"vendor": "Gnu", "product": "Grub2"}, {"vendor": "Netapp", "product": "Ontap_select_deploy_administration_utility"}, {"vendor": "Redhat", "product": "Enterprise_linux"}, {"vendor": "Redhat", "product": "Enterprise_linux_server_eus"}, {"vendor": "Redhat", "product": "Enterprise_linux_server_aus"}, {"vendor": "Redhat", "product": "Enterprise_linux_server_tus"}, {"vendor": "Redhat", "product": "Enterprise_linux_workstation"}, {"vendor": "Fedoraproject", "product": "Fedora"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE"}]}], "exploits": [], "assigned": "2020-09-16T00:00:00"}
{"veracode": [{"lastseen": "2023-04-18T06:55:12", "description": "grub is vulnerable to arbitrary code execution. A use-after-free in the mmod implementation allows for the bypass of Secure Boot protections and potentially arbtirary code execution on the host OS.\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-03-03T08:01:56", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25632"], "modified": "2022-05-13T22:35:03", "id": "VERACODE:29555", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-29555/summary", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2023-12-02T17:38:19", "description": "A flaw was found in grub2. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-03-02T18:33:21", "type": "redhatcve", "title": "CVE-2020-25632", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25632"], "modified": "2023-11-16T17:15:27", "id": "RH:CVE-2020-25632", "href": "https://access.redhat.com/security/cve/cve-2020-25632", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T17:38:19", "description": "A flaw was found in GRUB 2, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-03-02T18:03:04", "type": "redhatcve", "title": "CVE-2020-14372", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10713", "CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-11-16T17:15:27", "id": "RH:CVE-2020-14372", "href": "https://access.redhat.com/security/cve/cve-2020-14372", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cbl_mariner": [{"lastseen": "2023-12-02T20:18:22", "description": "CVE-2020-25632 affecting package grub2 2.06~rc1-7. A patched version of the package is available.", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-04-26T20:17:11", "type": "cbl_mariner", "title": "CVE-2020-25632 affecting package grub2 2.06~rc1-7", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25632"], "modified": "2022-04-26T20:17:11", "id": "CBLMARINER:6461", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T20:18:18", "description": "CVE-2020-25632 affecting package grub2 2.06~rc1-10. A patched version of the package is available.", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-05-06T23:56:52", "type": "cbl_mariner", "title": "CVE-2020-25632 affecting package grub2 2.06~rc1-10", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25632"], "modified": "2021-05-06T23:56:52", "id": "CBLMARINER:3931", "href": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "alpinelinux": [{"lastseen": "2023-12-02T17:25:17", "description": "A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-03-03T17:15:00", "type": "alpinelinux", "title": "CVE-2020-25632", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25632"], "modified": "2023-11-07T03:20:00", "id": "ALPINE:CVE-2020-25632", "href": "https://security.alpinelinux.org/vuln/CVE-2020-25632", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2023-12-02T14:08:30", "description": "A flaw was found in grub2 in versions prior to 2.06. The rmmod\nimplementation allows the unloading of a module used as a dependency\nwithout checking if any other dependent module is still loaded leading to a\nuse-after-free scenario. This could allow arbitrary code to be executed or\na bypass of Secure Boot protections. The highest threat from this\nvulnerability is to data confidentiality and integrity as well as system\navailability.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[alexmurray](<https://launchpad.net/~alexmurray>) | CVE title: \"grub2: use-after-free in rmmod command\" \n[sbeattie](<https://launchpad.net/~sbeattie>) | grub2-unsigned will contain fixes and supersede grub2, which will contain only BIOS grub bits.\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-03-02T00:00:00", "type": "ubuntucve", "title": "CVE-2020-25632", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25632"], "modified": "2021-03-02T00:00:00", "id": "UB:CVE-2020-25632", "href": "https://ubuntu.com/security/CVE-2020-25632", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "prion": [{"lastseen": "2023-11-22T01:31:00", "description": "A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-03-03T17:15:00", "type": "prion", "title": "Denial of service", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:L/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "MULTIPLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25632"], "modified": "2023-11-07T03:20:00", "id": "PRION:CVE-2020-25632", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2020-25632", "cvss": {"score": 4.0, "vector": "AV:L/AC:L/Au:M/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-11-22T20:47:47", "description": "A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {}, "published": "2021-03-03T17:15:00", "type": "osv", "title": "CVE-2020-25632", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-25632"], "modified": "2022-11-22T20:47:46", "id": "OSV:CVE-2020-25632", "href": "https://osv.dev/vulnerability/CVE-2020-25632", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-28T06:52:19", "description": "\nSeveral vulnerabilities have been discovered in the GRUB2 bootloader.\n\n\n* [CVE-2020-14372](https://security-tracker.debian.org/tracker/CVE-2020-14372)\nIt was discovered that the acpi command allows a privileged user to\n load crafted ACPI tables when Secure Boot is enabled.\n* [CVE-2020-25632](https://security-tracker.debian.org/tracker/CVE-2020-25632)\nA use-after-free vulnerability was found in the rmmod command.\n* [CVE-2020-25647](https://security-tracker.debian.org/tracker/CVE-2020-25647)\nAn out-of-bound write vulnerability was found in the\n grub\\_usb\\_device\\_initialize() function, which is called to handle USB\n device initialization.\n* [CVE-2020-27749](https://security-tracker.debian.org/tracker/CVE-2020-27749)\nA stack buffer overflow flaw was found in grub\\_parser\\_split\\_cmdline.\n* [CVE-2020-27779](https://security-tracker.debian.org/tracker/CVE-2020-27779)\nIt was discovered that the cutmem command allows a privileged user\n to remove memory regions when Secure Boot is enabled.\n* [CVE-2021-20225](https://security-tracker.debian.org/tracker/CVE-2021-20225)\nA heap out-of-bounds write vulnerability was found in the short form\n option parser.\n* [CVE-2021-20233](https://security-tracker.debian.org/tracker/CVE-2021-20233)\nA heap out-of-bound write flaw was found caused by mis-calculation\n of space required for quoting in the menu rendering.\n\n\nFurther detailed information can be found at\n<https://www.debian.org/security/2021-GRUB-UEFI-SecureBoot>\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.02+dfsg1-20+deb10u4.\n\n\nWe recommend that you upgrade your grub2 packages.\n\n\nFor the detailed security status of grub2 please refer to its security\ntracker page at:\n<https://security-tracker.debian.org/tracker/grub2>\n\n\n", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-03-02T00:00:00", "type": "osv", "title": "grub2 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-06-28T06:51:14", "id": "OSV:DSA-4867-1", "href": "https://osv.dev/vulnerability/DSA-4867-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2023-12-02T18:25:19", "description": "A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-03-03T17:15:00", "type": "debiancve", "title": "CVE-2020-25632", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25632"], "modified": "2021-03-03T17:15:00", "id": "DEBIANCVE:CVE-2020-25632", "href": "https://security-tracker.debian.org/tracker/CVE-2020-25632", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-11-15T15:37:23", "description": "The remote Windows host is missing an update to the Secure Boot DBX. It is, therefore, affected by multiple vulnerabilities:\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20233)\n\n\nAdditionally, the host is affected by several other security feature bypasses in Secure Boot.\n\nNote: Tenable is testing for the presence of the expected signatures added in the DBX update published on March 2, 2021 referenced in the vendor advisory.", "cvss3": {}, "published": "2020-07-31T00:00:00", "type": "nessus", "title": "Windows Security Feature Bypass in Secure Boot (BootHole)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25632", "CVE-2021-20233"], "modified": "2023-11-14T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "WINDOWS_UEFI_BOOTHOLE.NBIN", "href": "https://www.tenable.com/plugins/nessus/139239", "sourceData": "Binary data windows_uefi_boothole.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:59", "description": "According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in grub2. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225)\n\n - A flaw was found in grub2. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : grub2 (EulerOS-SA-2021-2126)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25632", "CVE-2020-25647", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-07-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2", "p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-x64-modules", "p-cpe:/a:huawei:euleros:grub2-pc", "p-cpe:/a:huawei:euleros:grub2-pc-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2021-2126.NASL", "href": "https://www.tenable.com/plugins/nessus/151415", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151415);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/08\");\n\n script_cve_id(\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : grub2 (EulerOS-SA-2021-2126)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in grub2. The rmmod implementation\n allows the unloading of a module used as a dependency\n without checking if any other dependent module is still\n loaded leading to a use-after-free scenario. This could\n allow arbitrary code to be executed or a bypass of\n Secure Boot protections. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2. During USB device\n initialization, descriptors are read with very little\n bounds checking and assumes the USB device is providing\n sane values. If properly exploited, an attacker could\n trigger memory corruption leading to arbitrary code\n execution allowing a bypass of the Secure Boot\n mechanism. The highest threat from this vulnerability\n is to data confidentiality and integrity as well as\n system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2. The option parser allows an\n attacker to write past the end of a heap-allocated\n buffer by calling certain commands with a large number\n of specific short forms of options. The highest threat\n from this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2021-20225)\n\n - A flaw was found in grub2. Setparam_prefix() in the\n menu rendering code performs a length calculation on\n the assumption that expressing a quoted single quote\n will require 3 characters, while it actually requires 4\n characters which allows an attacker to corrupt memory\n by one byte for each quote in the input. The highest\n threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2021-20233)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2126\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?02a5e8e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-2.02-0.65.2.h16\",\n \"grub2-common-2.02-0.65.2.h16\",\n \"grub2-efi-x64-modules-2.02-0.65.2.h16\",\n \"grub2-pc-2.02-0.65.2.h16\",\n \"grub2-pc-modules-2.02-0.65.2.h16\",\n \"grub2-tools-2.02-0.65.2.h16\",\n \"grub2-tools-extra-2.02-0.65.2.h16\",\n \"grub2-tools-minimal-2.02-0.65.2.h16\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:46", "description": "According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : grub2 (EulerOS-SA-2021-1900)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25632", "CVE-2020-25647", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-05-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2", "p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-ia32", "p-cpe:/a:huawei:euleros:grub2-efi-ia32-cdboot", "p-cpe:/a:huawei:euleros:grub2-efi-x64", "p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot", "p-cpe:/a:huawei:euleros:grub2-efi-x64-modules", "p-cpe:/a:huawei:euleros:grub2-pc", "p-cpe:/a:huawei:euleros:grub2-pc-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1900.NASL", "href": "https://www.tenable.com/plugins/nessus/149593", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149593);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/20\");\n\n script_cve_id(\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : grub2 (EulerOS-SA-2021-1900)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read\n with very little bounds checking and assumes the USB\n device is providing sane values. If properly exploited,\n an attacker could trigger memory corruption leading to\n arbitrary code execution allowing a bypass of the\n Secure Boot mechanism. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the\n end of a heap-allocated buffer by calling certain\n commands with a large number of specific short forms of\n options. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as system\n availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any\n other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary\n code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability\n is to data confidentiality and integrity as well as\n system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a\n length calculation on the assumption that expressing a\n quoted single quote will require 3 characters, while it\n actually requires 4 characters which allows an attacker\n to corrupt memory by one byte for each quote in the\n input. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system\n availability.(CVE-2021-20233)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1900\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?620b1a78\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-2.02-0.65.2.h20.eulerosv2r7\",\n \"grub2-common-2.02-0.65.2.h20.eulerosv2r7\",\n \"grub2-efi-ia32-2.02-0.65.2.h20.eulerosv2r7\",\n \"grub2-efi-ia32-cdboot-2.02-0.65.2.h20.eulerosv2r7\",\n \"grub2-efi-x64-2.02-0.65.2.h20.eulerosv2r7\",\n \"grub2-efi-x64-cdboot-2.02-0.65.2.h20.eulerosv2r7\",\n \"grub2-efi-x64-modules-2.02-0.65.2.h20.eulerosv2r7\",\n \"grub2-pc-2.02-0.65.2.h20.eulerosv2r7\",\n \"grub2-pc-modules-2.02-0.65.2.h20.eulerosv2r7\",\n \"grub2-tools-2.02-0.65.2.h20.eulerosv2r7\",\n \"grub2-tools-extra-2.02-0.65.2.h20.eulerosv2r7\",\n \"grub2-tools-minimal-2.02-0.65.2.h20.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:20", "description": "According to the versions of the grub2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.(CVE-2020-14372)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-02T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : grub2 (EulerOS-SA-2021-2082)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-aa64", "p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-2082.NASL", "href": "https://www.tenable.com/plugins/nessus/151349", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151349);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : grub2 (EulerOS-SA-2021-2082)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a\n length calculation on the assumption that expressing a\n quoted single quote will require 3 characters, while it\n actually requires 4 characters which allows an attacker\n to corrupt memory by one byte for each quote in the\n input. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system\n availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the\n end of a heap-allocated buffer by calling certain\n commands with a large number of specific short forms of\n options. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as system\n availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read\n with very little bounds checking and assumes the USB\n device is providing sane values. If properly exploited,\n an attacker could trigger memory corruption leading to\n arbitrary code execution allowing a bypass of the\n Secure Boot mechanism. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any\n other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary\n code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability\n is to data confidentiality and integrity as well as\n system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06,\n where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows\n an attacker with privileged access to craft a Secondary\n System Description Table (SSDT) containing code to\n overwrite the Linux kernel lockdown variable content\n directly into memory. The table is further loaded and\n executed by the kernel, defeating its Secure Boot\n lockdown and allowing the attacker to load unsigned\n code. The highest threat from this vulnerability is to\n data confidentiality and integrity, as well as system\n availability.(CVE-2020-14372)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2082\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?320dd5cf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-common-2.02-0.65.2.h11\",\n \"grub2-efi-aa64-2.02-0.65.2.h11\",\n \"grub2-efi-aa64-modules-2.02-0.65.2.h11\",\n \"grub2-tools-2.02-0.65.2.h11\",\n \"grub2-tools-extra-2.02-0.65.2.h11\",\n \"grub2-tools-minimal-2.02-0.65.2.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-22T15:09:49", "description": "According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20233)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-01-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : grub2 (EulerOS-SA-2021-2868)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-11-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2", "p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-ia32", "p-cpe:/a:huawei:euleros:grub2-efi-ia32-cdboot", "p-cpe:/a:huawei:euleros:grub2-efi-x64", "p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot", "p-cpe:/a:huawei:euleros:grub2-efi-x64-modules", "p-cpe:/a:huawei:euleros:grub2-pc", "p-cpe:/a:huawei:euleros:grub2-pc-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-2868.NASL", "href": "https://www.tenable.com/plugins/nessus/156509", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156509);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/21\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : grub2 (EulerOS-SA-2021-2868)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2868\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?766ff1d4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"grub2-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-common-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-efi-ia32-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-efi-ia32-cdboot-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-efi-x64-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-efi-x64-cdboot-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-efi-x64-modules-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-pc-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-pc-modules-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-tools-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-tools-extra-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-tools-minimal-2.02-0.65.2.h22.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:07", "description": "According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225)\n\n - A flaw was found in grub2. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.(CVE-2020-14372)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : grub2 (EulerOS-SA-2021-2027)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2", "p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-ia32", "p-cpe:/a:huawei:euleros:grub2-efi-ia32-cdboot", "p-cpe:/a:huawei:euleros:grub2-efi-x64", "p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot", "p-cpe:/a:huawei:euleros:grub2-efi-x64-modules", "p-cpe:/a:huawei:euleros:grub2-pc", "p-cpe:/a:huawei:euleros:grub2-pc-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2021-2027.NASL", "href": "https://www.tenable.com/plugins/nessus/151256", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151256);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : grub2 (EulerOS-SA-2021-2027)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a\n length calculation on the assumption that expressing a\n quoted single quote will require 3 characters, while it\n actually requires 4 characters which allows an attacker\n to corrupt memory by one byte for each quote in the\n input. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system\n availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the\n end of a heap-allocated buffer by calling certain\n commands with a large number of specific short forms of\n options. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as system\n availability.(CVE-2021-20225)\n\n - A flaw was found in grub2. During USB device\n initialization, descriptors are read with very little\n bounds checking and assumes the USB device is providing\n sane values. If properly exploited, an attacker could\n trigger memory corruption leading to arbitrary code\n execution allowing a bypass of the Secure Boot\n mechanism. The highest threat from this vulnerability\n is to data confidentiality and integrity as well as\n system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any\n other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary\n code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability\n is to data confidentiality and integrity as well as\n system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06,\n where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows\n an attacker with privileged access to craft a Secondary\n System Description Table (SSDT) containing code to\n overwrite the Linux kernel lockdown variable content\n directly into memory. The table is further loaded and\n executed by the kernel, defeating its Secure Boot\n lockdown and allowing the attacker to load unsigned\n code. The highest threat from this vulnerability is to\n data confidentiality and integrity, as well as system\n availability.(CVE-2020-14372)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2027\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?80300891\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-common-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-efi-ia32-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-efi-ia32-cdboot-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-efi-x64-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-efi-x64-cdboot-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-efi-x64-modules-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-pc-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-pc-modules-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-tools-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-tools-extra-2.02-0.65.2.h22.eulerosv2r7\",\n \"grub2-tools-minimal-2.02-0.65.2.h22.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T15:03:05", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4992-1 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-18T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : GRUB 2 vulnerabilities (USN-4992-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64-bin", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64-signed", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64-bin", "p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64-signed"], "id": "UBUNTU_USN-4992-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150867", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4992-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150867);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"USN\", value:\"4992-1\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : GRUB 2 vulnerabilities (USN-4992-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4992-1 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4992-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-amd64-signed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:grub-efi-arm64-signed\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'grub-efi-amd64', 'pkgver': '2.04-1ubuntu44.1.2'},\n {'osver': '18.04', 'pkgname': 'grub-efi-amd64-bin', 'pkgver': '2.04-1ubuntu44.1.2'},\n {'osver': '18.04', 'pkgname': 'grub-efi-amd64-signed', 'pkgver': '1.167~18.04.5+2.04-1ubuntu44.1.2'},\n {'osver': '18.04', 'pkgname': 'grub-efi-arm64', 'pkgver': '2.04-1ubuntu44.1.2'},\n {'osver': '18.04', 'pkgname': 'grub-efi-arm64-bin', 'pkgver': '2.04-1ubuntu44.1.2'},\n {'osver': '18.04', 'pkgname': 'grub-efi-arm64-signed', 'pkgver': '1.167~18.04.5+2.04-1ubuntu44.1.2'},\n {'osver': '20.04', 'pkgname': 'grub-efi-amd64', 'pkgver': '2.04-1ubuntu44.2'},\n {'osver': '20.04', 'pkgname': 'grub-efi-amd64-bin', 'pkgver': '2.04-1ubuntu44.2'},\n {'osver': '20.04', 'pkgname': 'grub-efi-amd64-signed', 'pkgver': '1.167.2+2.04-1ubuntu44.2'},\n {'osver': '20.04', 'pkgname': 'grub-efi-arm64', 'pkgver': '2.04-1ubuntu44.2'},\n {'osver': '20.04', 'pkgname': 'grub-efi-arm64-bin', 'pkgver': '2.04-1ubuntu44.2'},\n {'osver': '20.04', 'pkgname': 'grub-efi-arm64-signed', 'pkgver': '1.167.2+2.04-1ubuntu44.2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub-efi-amd64 / grub-efi-amd64-bin / grub-efi-amd64-signed / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:08:19", "description": "According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.(CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : grub2 (EulerOS-SA-2021-1794)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2", "p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-x64", "p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot", "p-cpe:/a:huawei:euleros:grub2-efi-x64-modules", "p-cpe:/a:huawei:euleros:grub2-pc", "p-cpe:/a:huawei:euleros:grub2-pc-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1794.NASL", "href": "https://www.tenable.com/plugins/nessus/149104", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149104);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : grub2 (EulerOS-SA-2021-1794)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06,\n where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows\n an attacker with privileged access to craft a Secondary\n System Description Table (SSDT) containing code to\n overwrite the Linux kernel lockdown variable content\n directly into memory. The table is further loaded and\n executed by the kernel, defeating its Secure Boot\n lockdown and allowing the attacker to load unsigned\n code. The highest threat from this vulnerability is to\n data confidentiality and integrity, as well as system\n availability.(CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read\n with very little bounds checking and assumes the USB\n device is providing sane values. If properly exploited,\n an attacker could trigger memory corruption leading to\n arbitrary code execution allowing a bypass of the\n Secure Boot mechanism. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a\n length calculation on the assumption that expressing a\n quoted single quote will require 3 characters, while it\n actually requires 4 characters which allows an attacker\n to corrupt memory by one byte for each quote in the\n input. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system\n availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address\n ranges from memory creating an opportunity to\n circumvent SecureBoot protections after proper triage\n about grub's memory layout. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the\n end of a heap-allocated buffer by calling certain\n commands with a large number of specific short forms of\n options. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as system\n availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any\n other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary\n code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability\n is to data confidentiality and integrity as well as\n system availability.(CVE-2020-25632)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1794\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9073f327\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-2.02-0.64.h13\",\n \"grub2-common-2.02-0.64.h13\",\n \"grub2-efi-x64-2.02-0.64.h13\",\n \"grub2-efi-x64-cdboot-2.02-0.64.h13\",\n \"grub2-efi-x64-modules-2.02-0.64.h13\",\n \"grub2-pc-2.02-0.64.h13\",\n \"grub2-pc-modules-2.02-0.64.h13\",\n \"grub2-tools-2.02-0.64.h13\",\n \"grub2-tools-extra-2.02-0.64.h13\",\n \"grub2-tools-minimal-2.02-0.64.h13\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-01T15:20:34", "description": "According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.(CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27779)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : grub2 (EulerOS-SA-2021-2376)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-11-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2", "p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-x64", "p-cpe:/a:huawei:euleros:grub2-pc", "p-cpe:/a:huawei:euleros:grub2-pc-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2376.NASL", "href": "https://www.tenable.com/plugins/nessus/153312", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153312);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/30\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : grub2 (EulerOS-SA-2021-2376)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read\n with very little bounds checking and assumes the USB\n device is providing sane values. If properly exploited,\n an attacker could trigger memory corruption leading to\n arbitrary code execution allowing a bypass of the\n Secure Boot mechanism. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the\n end of a heap-allocated buffer by calling certain\n commands with a large number of specific short forms of\n options. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as system\n availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any\n other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary\n code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability\n is to data confidentiality and integrity as well as\n system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a\n length calculation on the assumption that expressing a\n quoted single quote will require 3 characters, while it\n actually requires 4 characters which allows an attacker\n to corrupt memory by one byte for each quote in the\n input. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system\n availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06,\n where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows\n an attacker with privileged access to craft a Secondary\n System Description Table (SSDT) containing code to\n overwrite the Linux kernel lockdown variable content\n directly into memory. The table is further loaded and\n executed by the kernel, defeating its Secure Boot\n lockdown and allowing the attacker to load unsigned\n code. The highest threat from this vulnerability is to\n data confidentiality and integrity, as well as system\n availability.(CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address\n ranges from memory creating an opportunity to\n circumvent SecureBoot protections after proper triage\n about grub's memory layout. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-27779)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2376\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?558a3dad\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-2.02-0.64.h11\",\n \"grub2-common-2.02-0.64.h11\",\n \"grub2-efi-x64-2.02-0.64.h11\",\n \"grub2-pc-2.02-0.64.h11\",\n \"grub2-pc-modules-2.02-0.64.h11\",\n \"grub2-tools-2.02-0.64.h11\",\n \"grub2-tools-extra-2.02-0.64.h11\",\n \"grub2-tools-minimal-2.02-0.64.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:15:37", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0700 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "RHEL 7 : grub2 (RHSA-2021:0700)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:grub2", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal"], "id": "REDHAT-RHSA-2021-0700.NASL", "href": "https://www.tenable.com/plugins/nessus/146960", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0700. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146960);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0700\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"RHEL 7 : grub2 (RHSA-2021:0700)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0700 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 184, 285, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.7')) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.7/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.7/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.7/ppc64/debug',\n 'content/eus/rhel/power/7/7.7/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.7/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.7/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.7/ppc64/os',\n 'content/eus/rhel/power/7/7.7/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.7/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.7/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.7/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grub2-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-common-2.02-0.86.el7_7.3', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-0.86.el7_7.3', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-0.86.el7_7.3', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-0.86.el7_7.3', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-0.86.el7_7.3', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc-modules-2.02-0.86.el7_7.3', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-modules-2.02-0.86.el7_7.3', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-0.86.el7_7.3', 'sp':'7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_7.3', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2 / grub2-common / grub2-efi-aa64-modules / grub2-efi-ia32 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:54", "description": "This update for grub2 fixes the following issues :\n\ngrub2 implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)\n\n - CVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)\n\n - CVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883)\n\n - CVE-2020-27749: Fixed a stack-based buffer overflow in grub_parser_split_cmdline (bsc#1179264)\n\n - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)\n\n - CVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)\n\n - CVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)\n\n - Fixed chainloading windows on dual boot machine (bsc#1183073)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2021-03-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : grub2 (openSUSE-2021-462)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-03-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:grub2", "p-cpe:/a:novell:opensuse:grub2-branding-upstream", "p-cpe:/a:novell:opensuse:grub2-debuginfo", "p-cpe:/a:novell:opensuse:grub2-debugsource", "p-cpe:/a:novell:opensuse:grub2-i386-efi", "p-cpe:/a:novell:opensuse:grub2-i386-efi-debug", "p-cpe:/a:novell:opensuse:grub2-i386-pc", "p-cpe:/a:novell:opensuse:grub2-i386-pc-debug", "p-cpe:/a:novell:opensuse:grub2-i386-xen", "p-cpe:/a:novell:opensuse:grub2-snapper-plugin", "p-cpe:/a:novell:opensuse:grub2-systemd-sleep-plugin", "p-cpe:/a:novell:opensuse:grub2-x86_64-efi", "p-cpe:/a:novell:opensuse:grub2-x86_64-efi-debug", "p-cpe:/a:novell:opensuse:grub2-x86_64-xen", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-462.NASL", "href": "https://www.tenable.com/plugins/nessus/148045", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-462.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148045);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/26\");\n\n script_cve_id(\"CVE-2020-14372\", \"CVE-2020-25632\", \"CVE-2020-25647\", \"CVE-2020-27749\", \"CVE-2020-27779\", \"CVE-2021-20225\", \"CVE-2021-20233\");\n\n script_name(english:\"openSUSE Security Update : grub2 (openSUSE-2021-462)\");\n script_summary(english:\"Check for the openSUSE-2021-462 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for grub2 fixes the following issues :\n\ngrub2 implements the new 'SBAT' method for SHIM based secure boot\nrevocation. (bsc#1182057)\n\n - CVE-2020-25632: Fixed a use-after-free in rmmod command\n (bsc#1176711)\n\n - CVE-2020-25647: Fixed an out-of-bound write in\n grub_usb_device_initialize() (bsc#1177883)\n\n - CVE-2020-27749: Fixed a stack-based buffer overflow in\n grub_parser_split_cmdline (bsc#1179264)\n\n - CVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi\n commands in secure boot mode (bsc#1179265 bsc#1175970)\n\n - CVE-2021-20225: Fixed a heap out-of-bounds write in\n short form option parser (bsc#1182262)\n\n - CVE-2021-20233: Fixed a heap out-of-bound write due to\n mis-calculation of space required for quoting\n (bsc#1182263)\n\n - Fixed chainloading windows on dual boot machine\n (bsc#1183073)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1175970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183073\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected grub2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-i386-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-i386-efi-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-i386-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-i386-pc-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-i386-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-snapper-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-systemd-sleep-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-x86_64-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-x86_64-efi-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:grub2-x86_64-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-2.04-lp152.7.22.7\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-branding-upstream-2.04-lp152.7.22.7\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-debuginfo-2.04-lp152.7.22.7\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-debugsource-2.04-lp152.7.22.7\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-i386-efi-2.04-lp152.7.22.7\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-i386-efi-debug-2.04-lp152.7.22.7\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-i386-pc-2.04-lp152.7.22.7\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-i386-pc-debug-2.04-lp152.7.22.7\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-i386-xen-2.04-lp152.7.22.7\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-snapper-plugin-2.04-lp152.7.22.7\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-systemd-sleep-plugin-2.04-lp152.7.22.7\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-x86_64-efi-2.04-lp152.7.22.7\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-x86_64-efi-debug-2.04-lp152.7.22.7\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"grub2-x86_64-xen-2.04-lp152.7.22.7\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2 / grub2-branding-upstream / grub2-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:58", "description": "According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.(CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27779)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2021-1875)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-05-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-aa64", "p-cpe:/a:huawei:euleros:grub2-efi-aa64-cdboot", "p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1875.NASL", "href": "https://www.tenable.com/plugins/nessus/149601", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149601);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/20\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2021-1875)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a\n length calculation on the assumption that expressing a\n quoted single quote will require 3 characters, while it\n actually requires 4 characters which allows an attacker\n to corrupt memory by one byte for each quote in the\n input. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system\n availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the\n end of a heap-allocated buffer by calling certain\n commands with a large number of specific short forms of\n options. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as system\n availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any\n other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary\n code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability\n is to data confidentiality and integrity as well as\n system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06,\n where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows\n an attacker with privileged access to craft a Secondary\n System Description Table (SSDT) containing code to\n overwrite the Linux kernel lockdown variable content\n directly into memory. The table is further loaded and\n executed by the kernel, defeating its Secure Boot\n lockdown and allowing the attacker to load unsigned\n code. The highest threat from this vulnerability is to\n data confidentiality and integrity, as well as system\n availability.(CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read\n with very little bounds checking and assumes the USB\n device is providing sane values. If properly exploited,\n an attacker could trigger memory corruption leading to\n arbitrary code execution allowing a bypass of the\n Secure Boot mechanism. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Variable names present are expanded in the supplied\n command line into their corresponding variable\n contents, using a 1kB stack buffer for temporary\n storage, without sufficient bounds checking. If the\n function is called with a command line that references\n a variable with a sufficiently large payload, it is\n possible to overflow the stack buffer, corrupt the\n stack frame and control execution which could also\n circumvent Secure Boot protections. The highest threat\n from this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address\n ranges from memory creating an opportunity to\n circumvent SecureBoot protections after proper triage\n about grub's memory layout. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-27779)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1875\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e440f847\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-common-2.02-62.h29.eulerosv2r8\",\n \"grub2-efi-aa64-2.02-62.h29.eulerosv2r8\",\n \"grub2-efi-aa64-cdboot-2.02-62.h29.eulerosv2r8\",\n \"grub2-efi-aa64-modules-2.02-62.h29.eulerosv2r8\",\n \"grub2-tools-2.02-62.h29.eulerosv2r8\",\n \"grub2-tools-extra-2.02-62.h29.eulerosv2r8\",\n \"grub2-tools-minimal-2.02-62.h29.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-12T13:36:10", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2566 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-06T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : fwupd (RLSA-2021:2566)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-11-06T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:fwupd", "p-cpe:/a:rocky:linux:fwupd-debuginfo", "p-cpe:/a:rocky:linux:fwupd-debugsource", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2021-2566.NASL", "href": "https://www.tenable.com/plugins/nessus/184646", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:2566.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(184646);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"RLSA\", value:\"2021:2566\");\n\n script_name(english:\"Rocky Linux 8 : fwupd (RLSA-2021:2566)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2021:2566 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:2566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected fwupd, fwupd-debuginfo and / or fwupd-debugsource packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:fwupd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:fwupd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:fwupd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'fwupd-1.5.9-1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-1.5.9-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-debuginfo-1.5.9-1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-debuginfo-1.5.9-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-debugsource-1.5.9-1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-debugsource-1.5.9-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupd / fwupd-debuginfo / fwupd-debugsource');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:15", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1734 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : shim (RHSA-2021:1734)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:shim-aa64", "p-cpe:/a:redhat:enterprise_linux:shim-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-aarch64", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64", "p-cpe:/a:redhat:enterprise_linux:shim-x64"], "id": "REDHAT-RHSA-2021-1734.NASL", "href": "https://www.tenable.com/plugins/nessus/149687", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1734. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149687);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1734\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"RHEL 8 : shim (RHSA-2021:1734)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1734 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 184, 285, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-x64\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'shim-aa64-15.4-2.el8_1', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-ia32-15.4-2.el8_1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-aarch64-15-7.el8_1', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15.4-4.el8_1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15.4-2.el8_1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'shim-aa64-15.4-2.el8_1', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-ia32-15.4-2.el8_1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-aarch64-15-7.el8_1', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15.4-4.el8_1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15.4-2.el8_1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'shim-aa64-15.4-2.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-ia32-15.4-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-aarch64-15-7.el8_1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15.4-4.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15.4-2.el8_1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'shim-aa64 / shim-ia32 / shim-unsigned-aarch64 / shim-unsigned-x64 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:57", "description": "According to the versions of the grub2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.(CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27779)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : grub2 (EulerOS-SA-2021-2001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-07-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-aa64", "p-cpe:/a:huawei:euleros:grub2-efi-aa64-cdboot", "p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2021-2001.NASL", "href": "https://www.tenable.com/plugins/nessus/151182", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151182);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/02\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : grub2 (EulerOS-SA-2021-2001)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a\n length calculation on the assumption that expressing a\n quoted single quote will require 3 characters, while it\n actually requires 4 characters which allows an attacker\n to corrupt memory by one byte for each quote in the\n input. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system\n availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the\n end of a heap-allocated buffer by calling certain\n commands with a large number of specific short forms of\n options. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as system\n availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any\n other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary\n code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability\n is to data confidentiality and integrity as well as\n system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06,\n where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows\n an attacker with privileged access to craft a Secondary\n System Description Table (SSDT) containing code to\n overwrite the Linux kernel lockdown variable content\n directly into memory. The table is further loaded and\n executed by the kernel, defeating its Secure Boot\n lockdown and allowing the attacker to load unsigned\n code. The highest threat from this vulnerability is to\n data confidentiality and integrity, as well as system\n availability.(CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read\n with very little bounds checking and assumes the USB\n device is providing sane values. If properly exploited,\n an attacker could trigger memory corruption leading to\n arbitrary code execution allowing a bypass of the\n Secure Boot mechanism. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Variable names present are expanded in the supplied\n command line into their corresponding variable\n contents, using a 1kB stack buffer for temporary\n storage, without sufficient bounds checking. If the\n function is called with a command line that references\n a variable with a sufficiently large payload, it is\n possible to overflow the stack buffer, corrupt the\n stack frame and control execution which could also\n circumvent Secure Boot protections. The highest threat\n from this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address\n ranges from memory creating an opportunity to\n circumvent SecureBoot protections after proper triage\n about grub's memory layout. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-27779)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2001\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a91bec4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-common-2.02-62.h29.eulerosv2r8\",\n \"grub2-efi-aa64-2.02-62.h29.eulerosv2r8\",\n \"grub2-efi-aa64-cdboot-2.02-62.h29.eulerosv2r8\",\n \"grub2-efi-aa64-modules-2.02-62.h29.eulerosv2r8\",\n \"grub2-tools-2.02-62.h29.eulerosv2r8\",\n \"grub2-tools-extra-2.02-62.h29.eulerosv2r8\",\n \"grub2-tools-minimal-2.02-62.h29.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:43:58", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has grub2 packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : grub2 Multiple Vulnerabilities (NS-SA-2021-0182)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:grub2", "p-cpe:/a:zte:cgsl_core:grub2-common", "p-cpe:/a:zte:cgsl_core:grub2-debuginfo", "p-cpe:/a:zte:cgsl_core:grub2-efi-ia32", "p-cpe:/a:zte:cgsl_core:grub2-efi-ia32-cdboot", "p-cpe:/a:zte:cgsl_core:grub2-efi-ia32-modules", "p-cpe:/a:zte:cgsl_core:grub2-efi-x64", "p-cpe:/a:zte:cgsl_core:grub2-efi-x64-cdboot", "p-cpe:/a:zte:cgsl_core:grub2-efi-x64-modules", "p-cpe:/a:zte:cgsl_core:grub2-i386-modules", "p-cpe:/a:zte:cgsl_core:grub2-lang", "p-cpe:/a:zte:cgsl_core:grub2-pc", "p-cpe:/a:zte:cgsl_core:grub2-pc-modules", "p-cpe:/a:zte:cgsl_core:grub2-tools", "p-cpe:/a:zte:cgsl_core:grub2-tools-extra", "p-cpe:/a:zte:cgsl_core:grub2-tools-minimal", "p-cpe:/a:zte:cgsl_main:grub2", "p-cpe:/a:zte:cgsl_main:grub2-common", "p-cpe:/a:zte:cgsl_main:grub2-debuginfo", "p-cpe:/a:zte:cgsl_main:grub2-efi-ia32", "p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-cdboot", "p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-modules", "p-cpe:/a:zte:cgsl_main:grub2-efi-x64", "p-cpe:/a:zte:cgsl_main:grub2-efi-x64-cdboot", "p-cpe:/a:zte:cgsl_main:grub2-efi-x64-modules", "p-cpe:/a:zte:cgsl_main:grub2-i386-modules", "p-cpe:/a:zte:cgsl_main:grub2-pc", "p-cpe:/a:zte:cgsl_main:grub2-pc-modules", "p-cpe:/a:zte:cgsl_main:grub2-tools", "p-cpe:/a:zte:cgsl_main:grub2-tools-extra", "p-cpe:/a:zte:cgsl_main:grub2-tools-minimal", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0182_GRUB2.NASL", "href": "https://www.tenable.com/plugins/nessus/154472", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0182. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154472);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : grub2 Multiple Vulnerabilities (NS-SA-2021-0182)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has grub2 packages installed that are affected by\nmultiple vulnerabilities:\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0182\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-20233\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL grub2 packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-i386-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-i386-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'grub2-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-common-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-debuginfo-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-efi-ia32-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-efi-ia32-cdboot-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-efi-ia32-modules-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-efi-x64-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-efi-x64-cdboot-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-efi-x64-modules-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-i386-modules-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-lang-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-pc-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-pc-modules-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-tools-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-tools-extra-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite',\n 'grub2-tools-minimal-2.02-0.87.el7.centos.2.cgslv5_5.0.6.g2b401cf.lite'\n ],\n 'CGSL MAIN 5.05': [\n 'grub2-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-common-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-debuginfo-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-efi-ia32-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-efi-ia32-cdboot-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-efi-ia32-modules-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-efi-x64-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-efi-x64-cdboot-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-efi-x64-modules-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-i386-modules-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-pc-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-pc-modules-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-tools-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-tools-extra-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124',\n 'grub2-tools-minimal-2.02-0.87.el7.centos.2.cgslv5_5.0.7.g416c124'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:44:44", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has grub2 packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : grub2 Multiple Vulnerabilities (NS-SA-2021-0133)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:grub2-common", "p-cpe:/a:zte:cgsl_main:grub2-debuginfo", "p-cpe:/a:zte:cgsl_main:grub2-debugsource", "p-cpe:/a:zte:cgsl_main:grub2-efi-ia32", "p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-cdboot", "p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-modules", "p-cpe:/a:zte:cgsl_main:grub2-efi-x64", "p-cpe:/a:zte:cgsl_main:grub2-efi-x64-cdboot", "p-cpe:/a:zte:cgsl_main:grub2-efi-x64-modules", "p-cpe:/a:zte:cgsl_main:grub2-pc", "p-cpe:/a:zte:cgsl_main:grub2-pc-modules", "p-cpe:/a:zte:cgsl_main:grub2-tools", "p-cpe:/a:zte:cgsl_main:grub2-tools-debuginfo", "p-cpe:/a:zte:cgsl_main:grub2-tools-efi", "p-cpe:/a:zte:cgsl_main:grub2-tools-efi-debuginfo", "p-cpe:/a:zte:cgsl_main:grub2-tools-extra", "p-cpe:/a:zte:cgsl_main:grub2-tools-extra-debuginfo", "p-cpe:/a:zte:cgsl_main:grub2-tools-minimal", "p-cpe:/a:zte:cgsl_main:grub2-tools-minimal-debuginfo", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2021-0133_GRUB2.NASL", "href": "https://www.tenable.com/plugins/nessus/154506", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0133. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154506);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : grub2 Multiple Vulnerabilities (NS-SA-2021-0133)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has grub2 packages installed that are affected by multiple\nvulnerabilities:\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0133\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-20233\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL grub2 packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools-efi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools-minimal-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'grub2-common-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-debuginfo-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-debugsource-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-efi-ia32-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-efi-ia32-cdboot-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-efi-ia32-modules-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-efi-x64-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-efi-x64-cdboot-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-efi-x64-modules-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-pc-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-pc-modules-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-tools-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-tools-debuginfo-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-tools-efi-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-tools-efi-debuginfo-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-tools-extra-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-tools-extra-debuginfo-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-tools-minimal-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf',\n 'grub2-tools-minimal-debuginfo-2.02-90.el8_3.1.cgslv6_2.6.g7f9eeaf'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:32:29", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1734 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : shim (ALSA-2021:1734)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-11-10T00:00:00", "cpe": ["p-cpe:/a:alma:linux:shim-ia32", "p-cpe:/a:alma:linux:shim-unsigned-x64", "p-cpe:/a:alma:linux:shim-x64", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-1734.NASL", "href": "https://www.tenable.com/plugins/nessus/157572", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:1734.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157572);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/10\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"ALSA\", value:\"2021:1734\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"AlmaLinux 8 : shim (ALSA-2021:1734)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:1734 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-1734.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected shim-ia32, shim-unsigned-x64 and / or shim-x64 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:shim-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:shim-unsigned-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:shim-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'shim-ia32-15.4-2.el8_1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15.4-4.el8_1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15.4-2.el8_1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'shim-ia32 / shim-unsigned-x64 / shim-x64');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-11T15:32:34", "description": "The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:2566 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : fwupd (ALSA-2021:2566)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-11-10T00:00:00", "cpe": ["p-cpe:/a:alma:linux:fwupd", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-2566.NASL", "href": "https://www.tenable.com/plugins/nessus/157697", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:2566.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157697);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/10\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"ALSA\", value:\"2021:2566\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"AlmaLinux 8 : fwupd (ALSA-2021:2566)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nALSA-2021:2566 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-2566.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected fwupd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:fwupd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'fwupd-1.5.9-1.el8_4.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:56:05", "description": "According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.(CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25647)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : grub2 (EulerOS-SA-2021-1948)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-06-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-aa64", "p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1948.NASL", "href": "https://www.tenable.com/plugins/nessus/150176", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150176);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/07\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : grub2 (EulerOS-SA-2021-1948)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address\n ranges from memory creating an opportunity to\n circumvent SecureBoot protections after proper triage\n about grub's memory layout. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06,\n where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows\n an attacker with privileged access to craft a Secondary\n System Description Table (SSDT) containing code to\n overwrite the Linux kernel lockdown variable content\n directly into memory. The table is further loaded and\n executed by the kernel, defeating its Secure Boot\n lockdown and allowing the attacker to load unsigned\n code. The highest threat from this vulnerability is to\n data confidentiality and integrity, as well as system\n availability.(CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any\n other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary\n code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability\n is to data confidentiality and integrity as well as\n system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the\n end of a heap-allocated buffer by calling certain\n commands with a large number of specific short forms of\n options. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as system\n availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a\n length calculation on the assumption that expressing a\n quoted single quote will require 3 characters, while it\n actually requires 4 characters which allows an attacker\n to corrupt memory by one byte for each quote in the\n input. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system\n availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Variable names present are expanded in the supplied\n command line into their corresponding variable\n contents, using a 1kB stack buffer for temporary\n storage, without sufficient bounds checking. If the\n function is called with a command line that references\n a variable with a sufficiently large payload, it is\n possible to overflow the stack buffer, corrupt the\n stack frame and control execution which could also\n circumvent Secure Boot protections. The highest threat\n from this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read\n with very little bounds checking and assumes the USB\n device is providing sane values. If properly exploited,\n an attacker could trigger memory corruption leading to\n arbitrary code execution allowing a bypass of the\n Secure Boot mechanism. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-25647)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1948\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6666a7e3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-common-2.02-73.h26.eulerosv2r9\",\n \"grub2-efi-aa64-2.02-73.h26.eulerosv2r9\",\n \"grub2-efi-aa64-modules-2.02-73.h26.eulerosv2r9\",\n \"grub2-tools-2.02-73.h26.eulerosv2r9\",\n \"grub2-tools-extra-2.02-73.h26.eulerosv2r9\",\n \"grub2-tools-minimal-2.02-73.h26.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:15:13", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0698 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-02T00:00:00", "type": "nessus", "title": "RHEL 8 : grub2 (RHSA-2021:0698)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-efi", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal"], "id": "REDHAT-RHSA-2021-0698.NASL", "href": "https://www.tenable.com/plugins/nessus/146951", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0698. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146951);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0698\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"RHEL 8 : grub2 (RHSA-2021:0698)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0698 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 184, 285, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grub2-common-2.02-87.el8_1.2', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-87.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-87.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-87.el8_1.2', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-87.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-87.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-87.el8_1.2', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-87.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-87.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-87.el8_1.2', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-87.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-87.el8_1.2', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-87.el8_1.2', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-87.el8_1.2', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_1.2', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-87.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_1.2', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_1.2', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_1.2', 'sp':'1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_1.2', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2-common / grub2-efi-aa64 / grub2-efi-aa64-cdboot / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:15:38", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0699 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "RHEL 7 : grub2 (RHSA-2021:0699)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:grub2", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal"], "id": "REDHAT-RHSA-2021-0699.NASL", "href": "https://www.tenable.com/plugins/nessus/146961", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0699. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146961);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0699\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"RHEL 7 : grub2 (RHSA-2021:0699)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0699 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0699\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 184, 285, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grub2-2.02-0.87.el7_9.2', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.87.el7_9.2', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-common-2.02-0.87.el7_9.2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-0.87.el7_9.2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-0.87.el7_9.2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-0.87.el7_9.2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-0.87.el7_9.2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc-modules-2.02-0.87.el7_9.2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-2.02-0.87.el7_9.2', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-modules-2.02-0.87.el7_9.2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-0.87.el7_9.2', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-0.87.el7_9.2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.87.el7_9.2', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.87.el7_9.2', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.87.el7_9.2', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.87.el7_9.2', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.87.el7_9.2', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.87.el7_9.2', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2 / grub2-common / grub2-efi-aa64-modules / grub2-efi-ia32 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:15:37", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0702 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-02T00:00:00", "type": "nessus", "title": "RHEL 7 : grub2 (RHSA-2021:0702)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "cpe:/o:redhat:rhel_e4s:7.4", "cpe:/o:redhat:rhel_tus:7.4", "p-cpe:/a:redhat:enterprise_linux:grub2", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal"], "id": "REDHAT-RHSA-2021-0702.NASL", "href": "https://www.tenable.com/plugins/nessus/146954", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0702. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146954);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0702\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"RHEL 7 : grub2 (RHSA-2021:0702)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0702 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 184, 285, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.4/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grub2-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-common-2.02-0.86.el7_4.2', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-0.86.el7_4.2', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-0.86.el7_4.2', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-0.86.el7_4.2', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-0.86.el7_4.2', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc-modules-2.02-0.86.el7_4.2', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-modules-2.02-0.86.el7_4.2', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-0.86.el7_4.2', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_4.2', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2 / grub2-common / grub2-efi-aa64-modules / grub2-efi-ia32 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:26", "description": "This update for grub2 fixes the following issues :\n\ngrub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)\n\nFollowing security issues are fixed that can violate secure boot constraints :\n\nCVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)\n\nCVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883)\n\nCVE-2020-27749: Fixed a stack-based buffer overflow in grub_parser_split_cmdline (bsc#1179264)\n\nCVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)\n\nCVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)\n\nCVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)\n\ngrub2 was bumped to version 2.02, same as SUSE Linux Enterprise 12 SP3.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : grub2 (SUSE-SU-2021:0679-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-03-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grub2", "p-cpe:/a:novell:suse_linux:grub2-debuginfo", "p-cpe:/a:novell:suse_linux:grub2-debugsource", "p-cpe:/a:novell:suse_linux:grub2-i386-pc", "p-cpe:/a:novell:suse_linux:grub2-s390x-emu", "p-cpe:/a:novell:suse_linux:grub2-x86_64-efi", "p-cpe:/a:novell:suse_linux:grub2-x86_64-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0679-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146973", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0679-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146973);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/12\");\n\n script_cve_id(\"CVE-2020-14372\", \"CVE-2020-25632\", \"CVE-2020-25647\", \"CVE-2020-27749\", \"CVE-2020-27779\", \"CVE-2021-20225\", \"CVE-2021-20233\");\n\n script_name(english:\"SUSE SLES12 Security Update : grub2 (SUSE-SU-2021:0679-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for grub2 fixes the following issues :\n\ngrub2 now implements the new 'SBAT' method for SHIM based secure boot\nrevocation. (bsc#1182057)\n\nFollowing security issues are fixed that can violate secure boot\nconstraints :\n\nCVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)\n\nCVE-2020-25647: Fixed an out-of-bound write in\ngrub_usb_device_initialize() (bsc#1177883)\n\nCVE-2020-27749: Fixed a stack-based buffer overflow in\ngrub_parser_split_cmdline (bsc#1179264)\n\nCVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in\nsecure boot mode (bsc#1179265 bsc#1175970)\n\nCVE-2021-20225: Fixed a heap out-of-bounds write in short form option\nparser (bsc#1182262)\n\nCVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation\nof space required for quoting (bsc#1182263)\n\ngrub2 was bumped to version 2.02, same as SUSE Linux Enterprise 12\nSP3.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14372/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27749/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27779/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20225/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20233/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210679-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5385088\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2021-679=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2021-679=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-679=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-679=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-i386-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-s390x-emu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-x86_64-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-x86_64-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"grub2-i386-pc-2.02-115.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"grub2-x86_64-efi-2.02-115.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"grub2-x86_64-xen-2.02-115.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.02-115.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"grub2-2.02-115.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"grub2-debuginfo-2.02-115.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"grub2-debugsource-2.02-115.59.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:08", "description": "This update for grub2 fixes the following issues :\n\ngrub2 implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)\n\nCVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)\n\nCVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883)\n\nCVE-2020-27749: Fixed a stack-based buffer overflow in grub_parser_split_cmdline (bsc#1179264)\n\nCVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)\n\nCVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)\n\nCVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2021:0683-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-03-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grub2", "p-cpe:/a:novell:suse_linux:grub2-debuginfo", "p-cpe:/a:novell:suse_linux:grub2-debugsource", "p-cpe:/a:novell:suse_linux:grub2-s390x-emu", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0683-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146983", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0683-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146983);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/12\");\n\n script_cve_id(\"CVE-2020-14372\", \"CVE-2020-25632\", \"CVE-2020-25647\", \"CVE-2020-27749\", \"CVE-2020-27779\", \"CVE-2021-20225\", \"CVE-2021-20233\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2021:0683-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for grub2 fixes the following issues :\n\ngrub2 implements the new 'SBAT' method for SHIM based secure boot\nrevocation. (bsc#1182057)\n\nCVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)\n\nCVE-2020-25647: Fixed an out-of-bound write in\ngrub_usb_device_initialize() (bsc#1177883)\n\nCVE-2020-27749: Fixed a stack-based buffer overflow in\ngrub_parser_split_cmdline (bsc#1179264)\n\nCVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in\nsecure boot mode (bsc#1179265 bsc#1175970)\n\nCVE-2021-20225: Fixed a heap out-of-bounds write in short form option\nparser (bsc#1182262)\n\nCVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation\nof space required for quoting (bsc#1182263)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14372/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27749/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27779/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20225/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20233/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210683-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d86289b8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP2-2021-683=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-683=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-s390x-emu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.04-9.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"grub2-2.04-9.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"grub2-debuginfo-2.04-9.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"grub2-debugsource-2.04-9.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.04-9.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"grub2-2.04-9.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"grub2-debuginfo-2.04-9.34.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"grub2-debugsource-2.04-9.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:06:17", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0696 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-05T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : SUMM: / grub2 (ELSA-2021-0696)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-03-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:grub2-common", "p-cpe:/a:oracle:linux:grub2-efi-aa64", "p-cpe:/a:oracle:linux:grub2-efi-aa64-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-aa64-modules", "p-cpe:/a:oracle:linux:grub2-efi-ia32", "p-cpe:/a:oracle:linux:grub2-efi-ia32-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-ia32-modules", "p-cpe:/a:oracle:linux:grub2-efi-x64", "p-cpe:/a:oracle:linux:grub2-efi-x64-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-x64-modules", "p-cpe:/a:oracle:linux:grub2-pc", "p-cpe:/a:oracle:linux:grub2-pc-modules", "p-cpe:/a:oracle:linux:grub2-tools", "p-cpe:/a:oracle:linux:grub2-tools-efi", "p-cpe:/a:oracle:linux:grub2-tools-extra", "p-cpe:/a:oracle:linux:grub2-tools-minimal"], "id": "ORACLELINUX_ELSA-2021-0696.NASL", "href": "https://www.tenable.com/plugins/nessus/147169", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0696.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147169);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"Oracle Linux 8 : SUMM: / grub2 (ELSA-2021-0696)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0696 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0696.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-minimal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'grub2-common-2.02-90.0.2.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-90.0.2.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-90.0.2.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-90.0.2.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-90.0.2.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-90.0.2.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-90.0.2.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.0.2.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.0.2.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.0.2.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2-common / grub2-efi-aa64 / grub2-efi-aa64-cdboot / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:09", "description": "Several vulnerabilities have been discovered in the GRUB2 bootloader.\n\n - CVE-2020-14372 It was discovered that the acpi command allows a privileged user to load crafted ACPI tables when Secure Boot is enabled.\n\n - CVE-2020-25632 A use-after-free vulnerability was found in the rmmod command.\n\n - CVE-2020-25647 An out-of-bound write vulnerability was found in the grub_usb_device_initialize() function, which is called to handle USB device initialization.\n\n - CVE-2020-27749 A stack-based buffer overflow flaw was found in grub_parser_split_cmdline.\n\n - CVE-2020-27779 It was discovered that the cutmem command allows a privileged user to remove memory regions when Secure Boot is enabled.\n\n - CVE-2021-20225 A heap out-of-bounds write vulnerability was found in the short form option parser.\n\n - CVE-2021-20233 A heap out-of-bound write flaw was found caused by mis-calculation of space required for quoting in the menu rendering.\n\nFurther detailed information can be found at https://www.debian.org/security/2021-GRUB-UEFI-SecureBoot", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "Debian DSA-4867-1 : grub2 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-03-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:grub2", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4867.NASL", "href": "https://www.tenable.com/plugins/nessus/146986", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4867. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146986);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/12\");\n\n script_cve_id(\"CVE-2020-14372\", \"CVE-2020-25632\", \"CVE-2020-25647\", \"CVE-2020-27749\", \"CVE-2020-27779\", \"CVE-2021-20225\", \"CVE-2021-20233\");\n script_xref(name:\"DSA\", value:\"4867\");\n\n script_name(english:\"Debian DSA-4867-1 : grub2 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the GRUB2 bootloader.\n\n - CVE-2020-14372\n It was discovered that the acpi command allows a\n privileged user to load crafted ACPI tables when Secure\n Boot is enabled.\n\n - CVE-2020-25632\n A use-after-free vulnerability was found in the rmmod\n command.\n\n - CVE-2020-25647\n An out-of-bound write vulnerability was found in the\n grub_usb_device_initialize() function, which is called\n to handle USB device initialization.\n\n - CVE-2020-27749\n A stack-based buffer overflow flaw was found in\n grub_parser_split_cmdline.\n\n - CVE-2020-27779\n It was discovered that the cutmem command allows a\n privileged user to remove memory regions when Secure\n Boot is enabled.\n\n - CVE-2021-20225\n A heap out-of-bounds write vulnerability was found in\n the short form option parser.\n\n - CVE-2021-20233\n A heap out-of-bound write flaw was found caused by\n mis-calculation of space required for quoting in the\n menu rendering.\n\nFurther detailed information can be found at\nhttps://www.debian.org/security/2021-GRUB-UEFI-SecureBoot\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-14372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-25632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-25647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-27749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-27779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-20225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2021-20233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021-GRUB-UEFI-SecureBoot\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/grub2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/grub2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4867\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the grub2 packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.02+dfsg1-20+deb10u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"grub-common\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-coreboot\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-coreboot-bin\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-coreboot-dbg\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-amd64\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-amd64-bin\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-amd64-dbg\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-amd64-signed-template\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm-bin\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm-dbg\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm64\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm64-bin\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm64-dbg\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-arm64-signed-template\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-ia32\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-ia32-bin\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-ia32-dbg\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-efi-ia32-signed-template\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-emu\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-emu-dbg\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-firmware-qemu\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-ieee1275\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-ieee1275-bin\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-ieee1275-dbg\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-linuxbios\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-mount-udeb\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-pc\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-pc-bin\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-pc-dbg\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-rescue-pc\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-theme-starfield\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-uboot\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-uboot-bin\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-uboot-dbg\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-xen\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-xen-bin\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-xen-dbg\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-xen-host\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-yeeloong\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-yeeloong-bin\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub-yeeloong-dbg\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub2\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"grub2-common\", reference:\"2.02+dfsg1-20+deb10u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:14:46", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0697 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-02T00:00:00", "type": "nessus", "title": "RHEL 8 : grub2 (RHSA-2021:0697)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-efi", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal"], "id": "REDHAT-RHSA-2021-0697.NASL", "href": "https://www.tenable.com/plugins/nessus/146953", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0697. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146953);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0697\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"RHEL 8 : grub2 (RHSA-2021:0697)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0697 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 184, 285, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grub2-common-2.02-87.el8_2.3', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-87.el8_2.3', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-87.el8_2.3', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-87.el8_2.3', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-87.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-87.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-87.el8_2.3', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-87.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-87.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-87.el8_2.3', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-87.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-87.el8_2.3', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-87.el8_2.3', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-87.el8_2.3', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2.3', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2.3', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-87.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-87.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2.3', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2.3', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-87.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2.3', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2.3', 'sp':'2', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-87.el8_2.3', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2-common / grub2-efi-aa64 / grub2-efi-aa64-cdboot / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:16:00", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0704 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-02T00:00:00", "type": "nessus", "title": "RHEL 7 : grub2 (RHSA-2021:0704)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.2", "p-cpe:/a:redhat:enterprise_linux:grub2", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal"], "id": "REDHAT-RHSA-2021-0704.NASL", "href": "https://www.tenable.com/plugins/nessus/146952", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0704. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146952);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"RHSA\", value:\"2021:0704\");\n\n script_name(english:\"RHEL 7 : grub2 (RHSA-2021:0704)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0704 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 184, 285, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.2')) audit(AUDIT_OS_NOT, 'Red Hat 7.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.2/x86_64/debug',\n 'content/aus/rhel/server/7/7.2/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.2/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.2/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.2/x86_64/os',\n 'content/aus/rhel/server/7/7.2/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grub2-2.02-0.86.el7_2.2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-common-2.02-0.86.el7_2.2', 'sp':'2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-0.86.el7_2.2', 'sp':'2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-0.86.el7_2.2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.86.el7_2.2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-0.86.el7_2.2', 'sp':'2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-0.86.el7_2.2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.86.el7_2.2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-0.86.el7_2.2', 'sp':'2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-0.86.el7_2.2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-0.86.el7_2.2', 'sp':'2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc-modules-2.02-0.86.el7_2.2', 'sp':'2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-modules-2.02-0.86.el7_2.2', 'sp':'2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-0.86.el7_2.2', 'sp':'2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_2.2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_2.2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_2.2', 'sp':'2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2 / grub2-common / grub2-efi-aa64-modules / grub2-efi-ia32 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:18", "description": "This update for grub2 fixes the following issues :\n\ngrub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)\n\nFollowing security issues are fixed that can violate secure boot constraints :\n\nCVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)\n\nCVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883)\n\nCVE-2020-27749: Fixed a stack-based buffer overflow in grub_parser_split_cmdline (bsc#1179264)\n\nCVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)\n\nCVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)\n\nCVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : grub2 (SUSE-SU-2021:0681-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-03-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grub2", "p-cpe:/a:novell:suse_linux:grub2-debuginfo", "p-cpe:/a:novell:suse_linux:grub2-debugsource", "p-cpe:/a:novell:suse_linux:grub2-i386-pc", "p-cpe:/a:novell:suse_linux:grub2-s390x-emu", "p-cpe:/a:novell:suse_linux:grub2-x86_64-efi", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0681-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146967", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0681-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146967);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/12\");\n\n script_cve_id(\"CVE-2020-14372\", \"CVE-2020-25632\", \"CVE-2020-25647\", \"CVE-2020-27749\", \"CVE-2020-27779\", \"CVE-2021-20225\", \"CVE-2021-20233\");\n\n script_name(english:\"SUSE SLES12 Security Update : grub2 (SUSE-SU-2021:0681-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for grub2 fixes the following issues :\n\ngrub2 now implements the new 'SBAT' method for SHIM based secure boot\nrevocation. (bsc#1182057)\n\nFollowing security issues are fixed that can violate secure boot\nconstraints :\n\nCVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)\n\nCVE-2020-25647: Fixed an out-of-bound write in\ngrub_usb_device_initialize() (bsc#1177883)\n\nCVE-2020-27749: Fixed a stack-based buffer overflow in\ngrub_parser_split_cmdline (bsc#1179264)\n\nCVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in\nsecure boot mode (bsc#1179265 bsc#1175970)\n\nCVE-2021-20225: Fixed a heap out-of-bounds write in short form option\nparser (bsc#1182262)\n\nCVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation\nof space required for quoting (bsc#1182263)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14372/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27749/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27779/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20225/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20233/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210681-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fec2b515\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-681=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-681=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-681=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-681=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-681=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-i386-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-s390x-emu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-x86_64-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"grub2-i386-pc-2.02-12.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"grub2-x86_64-efi-2.02-12.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.02-12.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"grub2-2.02-12.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"grub2-debuginfo-2.02-12.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"grub2-debugsource-2.02-12.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"grub2-i386-pc-2.02-12.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"grub2-x86_64-efi-2.02-12.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.02-12.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"grub2-2.02-12.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"grub2-debuginfo-2.02-12.47.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"grub2-debugsource-2.02-12.47.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:40", "description": "This update for grub2 fixes the following issues :\n\ngrub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)\n\nFollowing security issues are fixed that can violate secure boot constraints :\n\nCVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)\n\nCVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883)\n\nCVE-2020-27749: Fixed a stack-based buffer overflow in grub_parser_split_cmdline (bsc#1179264)\n\nCVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)\n\nCVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)\n\nCVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : grub2 (SUSE-SU-2021:0682-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-03-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grub2", "p-cpe:/a:novell:suse_linux:grub2-debuginfo", "p-cpe:/a:novell:suse_linux:grub2-debugsource", "p-cpe:/a:novell:suse_linux:grub2-i386-pc", "p-cpe:/a:novell:suse_linux:grub2-s390x-emu", "p-cpe:/a:novell:suse_linux:grub2-x86_64-efi", "p-cpe:/a:novell:suse_linux:grub2-x86_64-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0682-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146976", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0682-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146976);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/12\");\n\n script_cve_id(\"CVE-2020-14372\", \"CVE-2020-25632\", \"CVE-2020-25647\", \"CVE-2020-27749\", \"CVE-2020-27779\", \"CVE-2021-20225\", \"CVE-2021-20233\");\n\n script_name(english:\"SUSE SLES12 Security Update : grub2 (SUSE-SU-2021:0682-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for grub2 fixes the following issues :\n\ngrub2 now implements the new 'SBAT' method for SHIM based secure boot\nrevocation. (bsc#1182057)\n\nFollowing security issues are fixed that can violate secure boot\nconstraints :\n\nCVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)\n\nCVE-2020-25647: Fixed an out-of-bound write in\ngrub_usb_device_initialize() (bsc#1177883)\n\nCVE-2020-27749: Fixed a stack-based buffer overflow in\ngrub_parser_split_cmdline (bsc#1179264)\n\nCVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in\nsecure boot mode (bsc#1179265 bsc#1175970)\n\nCVE-2021-20225: Fixed a heap out-of-bounds write in short form option\nparser (bsc#1182262)\n\nCVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation\nof space required for quoting (bsc#1182263)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14372/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27749/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27779/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20225/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20233/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210682-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74d437b8\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-682=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2021-682=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2021-682=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-682=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-682=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2021-682=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-i386-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-s390x-emu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-x86_64-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-x86_64-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"grub2-i386-pc-2.02-4.69.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"grub2-x86_64-efi-2.02-4.69.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"grub2-x86_64-xen-2.02-4.69.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.02-4.69.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"grub2-2.02-4.69.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"grub2-debuginfo-2.02-4.69.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"grub2-debugsource-2.02-4.69.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:17", "description": "The version of grub2 installed on the remote host is prior to 2.06-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1684 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : grub2 (ALAS-2021-1684)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-07-16T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:grub2", "p-cpe:/a:amazon:linux:grub2-common", "p-cpe:/a:amazon:linux:grub2-debuginfo", "p-cpe:/a:amazon:linux:grub2-efi-aa64", "p-cpe:/a:amazon:linux:grub2-efi-aa64-cdboot", "p-cpe:/a:amazon:linux:grub2-efi-aa64-ec2", "p-cpe:/a:amazon:linux:grub2-efi-aa64-modules", "p-cpe:/a:amazon:linux:grub2-efi-x64", "p-cpe:/a:amazon:linux:grub2-efi-x64-cdboot", "p-cpe:/a:amazon:linux:grub2-efi-x64-ec2", "p-cpe:/a:amazon:linux:grub2-efi-x64-modules", "p-cpe:/a:amazon:linux:grub2-emu", "p-cpe:/a:amazon:linux:grub2-emu-modules", "p-cpe:/a:amazon:linux:grub2-pc", "p-cpe:/a:amazon:linux:grub2-pc-modules", "p-cpe:/a:amazon:linux:grub2-tools", "p-cpe:/a:amazon:linux:grub2-tools-efi", "p-cpe:/a:amazon:linux:grub2-tools-extra", "p-cpe:/a:amazon:linux:grub2-tools-minimal", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1684.NASL", "href": "https://www.tenable.com/plugins/nessus/151799", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1684.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151799);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/16\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"ALAS\", value:\"2021-1684\");\n\n script_name(english:\"Amazon Linux 2 : grub2 (ALAS-2021-1684)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of grub2 installed on the remote host is prior to 2.06-2. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1684 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1684.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20233\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update grub2' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-efi-aa64-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-efi-x64-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-emu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-emu-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'grub2-2.06-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-2.06-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-common-2.06-2.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-debuginfo-2.06-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-debuginfo-2.06-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-aa64-2.06-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-aa64-cdboot-2.06-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-aa64-ec2-2.06-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-aa64-modules-2.06-2.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-x64-2.06-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-x64-cdboot-2.06-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-x64-ec2-2.06-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-x64-modules-2.06-2.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-emu-2.06-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-emu-2.06-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-emu-modules-2.06-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-emu-modules-2.06-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-pc-2.06-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-pc-modules-2.06-2.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-tools-2.06-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-tools-2.06-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-tools-efi-2.06-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-tools-extra-2.06-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-tools-extra-2.06-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-tools-minimal-2.06-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-tools-minimal-2.06-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2 / grub2-common / grub2-debuginfo / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:15:58", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0696 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-02T00:00:00", "type": "nessus", "title": "RHEL 8 : grub2 (RHSA-2021:0696)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-efi", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal"], "id": "REDHAT-RHSA-2021-0696.NASL", "href": "https://www.tenable.com/plugins/nessus/146955", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0696. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146955);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0696\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"RHEL 8 : grub2 (RHSA-2021:0696)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0696 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 184, 285, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grub2-common-2.02-90.el8_3.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-90.el8_3.1', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-90.el8_3.1', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-90.el8_3.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-90.el8_3.1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-90.el8_3.1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-90.el8_3.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-90.el8_3.1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-90.el8_3.1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-90.el8_3.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-90.el8_3.1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-90.el8_3.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-90.el8_3.1', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-90.el8_3.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.el8_3.1', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.el8_3.1', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.el8_3.1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-90.el8_3.1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.el8_3.1', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.el8_3.1', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.el8_3.1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.el8_3.1', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.el8_3.1', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.el8_3.1', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grub2-common-2.02-90.el8_3.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-90.el8_3.1', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-90.el8_3.1', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-90.el8_3.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-90.el8_3.1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-90.el8_3.1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-90.el8_3.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-90.el8_3.1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-90.el8_3.1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-90.el8_3.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-90.el8_3.1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-90.el8_3.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-90.el8_3.1', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-90.el8_3.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.el8_3.1', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.el8_3.1', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.el8_3.1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-90.el8_3.1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.el8_3.1', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.el8_3.1', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.el8_3.1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.el8_3.1', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.el8_3.1', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.el8_3.1', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grub2-common-2.02-90.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-90.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-90.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-90.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-90.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-90.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-90.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-90.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-90.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-90.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-90.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-90.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-90.el8_3.1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-90.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.el8_3.1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-90.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.el8_3.1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.el8_3.1', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2-common / grub2-efi-aa64 / grub2-efi-aa64-cdboot / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:14:25", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0703 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-02T00:00:00", "type": "nessus", "title": "RHEL 7 : grub2 (RHSA-2021:0703)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.3", "p-cpe:/a:redhat:enterprise_linux:grub2", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal"], "id": "REDHAT-RHSA-2021-0703.NASL", "href": "https://www.tenable.com/plugins/nessus/146957", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0703. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146957);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"RHSA\", value:\"2021:0703\");\n\n script_name(english:\"RHEL 7 : grub2 (RHSA-2021:0703)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0703 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 184, 285, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.3')) audit(AUDIT_OS_NOT, 'Red Hat 7.3', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.3/x86_64/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.3/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.3/x86_64/os',\n 'content/aus/rhel/server/7/7.3/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grub2-2.02-0.86.el7_3.2', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-common-2.02-0.86.el7_3.2', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-0.86.el7_3.2', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-0.86.el7_3.2', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.86.el7_3.2', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-0.86.el7_3.2', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-0.86.el7_3.2', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.86.el7_3.2', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-0.86.el7_3.2', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-0.86.el7_3.2', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-0.86.el7_3.2', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc-modules-2.02-0.86.el7_3.2', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-modules-2.02-0.86.el7_3.2', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-0.86.el7_3.2', 'sp':'3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_3.2', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_3.2', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_3.2', 'sp':'3', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2 / grub2-common / grub2-efi-aa64-modules / grub2-efi-ia32 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:19:17", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2566 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-29T00:00:00", "type": "nessus", "title": "RHEL 8 : fwupd (RHSA-2021:2566)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:fwupd"], "id": "REDHAT-RHSA-2021-2566.NASL", "href": "https://www.tenable.com/plugins/nessus/151140", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2566. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151140);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"RHSA\", value:\"2021:2566\");\n\n script_name(english:\"RHEL 8 : fwupd (RHSA-2021:2566)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2566 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2566\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected fwupd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 184, 285, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.5.9-1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.5.9-1.el8_4', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.5.9-1.el8_4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:11", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:0699-1 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-04T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : grub2 on SL7.x x86_64 (2021:0699)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-03-11T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:grub2", "p-cpe:/a:fermilab:scientific_linux:grub2-common", "p-cpe:/a:fermilab:scientific_linux:grub2-debuginfo", "p-cpe:/a:fermilab:scientific_linux:grub2-efi-aa64-modules", "p-cpe:/a:fermilab:scientific_linux:grub2-efi-ia32", "p-cpe:/a:fermilab:scientific_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:fermilab:scientific_linux:grub2-efi-ia32-modules", "p-cpe:/a:fermilab:scientific_linux:grub2-efi-x64", "p-cpe:/a:fermilab:scientific_linux:grub2-efi-x64-cdboot", "p-cpe:/a:fermilab:scientific_linux:grub2-efi-x64-modules", "p-cpe:/a:fermilab:scientific_linux:grub2-pc", "p-cpe:/a:fermilab:scientific_linux:grub2-pc-modules", "p-cpe:/a:fermilab:scientific_linux:grub2-ppc-modules", "p-cpe:/a:fermilab:scientific_linux:grub2-ppc64-modules", "p-cpe:/a:fermilab:scientific_linux:grub2-ppc64le-modules", "p-cpe:/a:fermilab:scientific_linux:grub2-tools", "p-cpe:/a:fermilab:scientific_linux:grub2-tools-extra", "p-cpe:/a:fermilab:scientific_linux:grub2-tools-minimal"], "id": "SL_20210303_GRUB2_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/147136", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147136);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"RHSA\", value:\"RHSA-2021:0699\");\n\n script_name(english:\"Scientific Linux Security Update : grub2 on SL7.x x86_64 (2021:0699)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2021:0699-1 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20210699-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-ppc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-ppc64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:grub2-tools-minimal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\npkgs = [\n {'reference':'grub2-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-common-2.02-0.87.el7_9.2', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-debuginfo-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-aa64-modules-2.02-0.87.el7_9.2', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-ia32-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-ia32-modules-2.02-0.87.el7_9.2', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-x64-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-efi-x64-modules-2.02-0.87.el7_9.2', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-pc-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-pc-modules-2.02-0.87.el7_9.2', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-ppc-modules-2.02-0.87.el7_9.2', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-ppc64-modules-2.02-0.87.el7_9.2', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-ppc64le-modules-2.02-0.87.el7_9.2', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-tools-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-tools-extra-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'grub2-tools-minimal-2.02-0.87.el7_9.2', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2 / grub2-common / grub2-debuginfo / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:40", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9077 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : grub2 (ELSA-2021-9077)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-03-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:grub2-common", "p-cpe:/a:oracle:linux:grub2-efi-aa64", "p-cpe:/a:oracle:linux:grub2-efi-aa64-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-aa64-modules", "p-cpe:/a:oracle:linux:grub2-efi-ia32", "p-cpe:/a:oracle:linux:grub2-efi-ia32-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-ia32-modules", "p-cpe:/a:oracle:linux:grub2-efi-x64", "p-cpe:/a:oracle:linux:grub2-efi-x64-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-x64-modules", "p-cpe:/a:oracle:linux:grub2-pc", "p-cpe:/a:oracle:linux:grub2-pc-modules", "p-cpe:/a:oracle:linux:grub2-tools", "p-cpe:/a:oracle:linux:grub2-tools-efi", "p-cpe:/a:oracle:linux:grub2-tools-extra", "p-cpe:/a:oracle:linux:grub2-tools-minimal"], "id": "ORACLELINUX_ELSA-2021-9077.NASL", "href": "https://www.tenable.com/plugins/nessus/146988", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9077.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146988);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"Oracle Linux 8 : grub2 (ELSA-2021-9077)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9077 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9077.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-minimal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'grub2-common-2.02-90.0.2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-90.0.2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-90.0.2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-90.0.2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-90.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-90.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-90.0.2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-90.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-90.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-90.0.2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-90.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-90.0.2.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.0.2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-90.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.0.2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.0.2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2-common / grub2-efi-aa64 / grub2-efi-aa64-cdboot / etc');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:41", "description": "This update for grub2 fixes the following issues :\n\ngrub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)\n\nFollowing security issues are fixed that can violate secure boot constraints :\n\nCVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)\n\nCVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883)\n\nCVE-2020-27749: Fixed a stack-based buffer overflow in grub_parser_split_cmdline (bsc#1179264)\n\nCVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)\n\nCVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)\n\nCVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : grub2 (SUSE-SU-2021:0684-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-03-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grub2", "p-cpe:/a:novell:suse_linux:grub2-debuginfo", "p-cpe:/a:novell:suse_linux:grub2-debugsource", "p-cpe:/a:novell:suse_linux:grub2-s390x-emu", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0684-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146978", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0684-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146978);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/12\");\n\n script_cve_id(\"CVE-2020-14372\", \"CVE-2020-25632\", \"CVE-2020-25647\", \"CVE-2020-27749\", \"CVE-2020-27779\", \"CVE-2021-20225\", \"CVE-2021-20233\");\n\n script_name(english:\"SUSE SLES15 Security Update : grub2 (SUSE-SU-2021:0684-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for grub2 fixes the following issues :\n\ngrub2 now implements the new 'SBAT' method for SHIM based secure boot\nrevocation. (bsc#1182057)\n\nFollowing security issues are fixed that can violate secure boot\nconstraints :\n\nCVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)\n\nCVE-2020-25647: Fixed an out-of-bound write in\ngrub_usb_device_initialize() (bsc#1177883)\n\nCVE-2020-27749: Fixed a stack-based buffer overflow in\ngrub_parser_split_cmdline (bsc#1179264)\n\nCVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in\nsecure boot mode (bsc#1179265 bsc#1175970)\n\nCVE-2021-20225: Fixed a heap out-of-bounds write in short form option\nparser (bsc#1182262)\n\nCVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation\nof space required for quoting (bsc#1182263)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14372/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27749/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27779/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20225/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20233/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210684-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?85a28919\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Server 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-684=1\n\nSUSE Manager Retail Branch Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-684=1\n\nSUSE Manager Proxy 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-684=1\n\nSUSE Linux Enterprise Server for SAP 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-684=1\n\nSUSE Linux Enterprise Server 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-684=1\n\nSUSE Linux Enterprise Server 15-SP1-BCL :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-684=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-684=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-684=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2021-684=1\n\nSUSE CaaS Platform 4.0 :\n\nTo install this update, use the SUSE CaaS Platform 'skuba' tool. I\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-s390x-emu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.02-26.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"grub2-2.02-26.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"grub2-debuginfo-2.02-26.43.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"grub2-debugsource-2.02-26.43.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:09", "description": "This update for grub2 fixes the following issues :\n\ngrub2 now implements the new 'SBAT' method for SHIM based secure boot revocation. (bsc#1182057)\n\nFollowing security issues are fixed that can violate secure boot constraints :\n\nCVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)\n\nCVE-2020-25647: Fixed an out-of-bound write in grub_usb_device_initialize() (bsc#1177883)\n\nCVE-2020-27749: Fixed a stack-based buffer overflow in grub_parser_split_cmdline (bsc#1179264)\n\nCVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in secure boot mode (bsc#1179265 bsc#1175970)\n\nCVE-2021-20225: Fixed a heap out-of-bounds write in short form option parser (bsc#1182262)\n\nCVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation of space required for quoting (bsc#1182263)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : grub2 (SUSE-SU-2021:0685-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-03-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:grub2", "p-cpe:/a:novell:suse_linux:grub2-debuginfo", "p-cpe:/a:novell:suse_linux:grub2-debugsource", "p-cpe:/a:novell:suse_linux:grub2-s390x-emu", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0685-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146982", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0685-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146982);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/12\");\n\n script_cve_id(\"CVE-2020-14372\", \"CVE-2020-25632\", \"CVE-2020-25647\", \"CVE-2020-27749\", \"CVE-2020-27779\", \"CVE-2021-20225\", \"CVE-2021-20233\");\n\n script_name(english:\"SUSE SLES15 Security Update : grub2 (SUSE-SU-2021:0685-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for grub2 fixes the following issues :\n\ngrub2 now implements the new 'SBAT' method for SHIM based secure boot\nrevocation. (bsc#1182057)\n\nFollowing security issues are fixed that can violate secure boot\nconstraints :\n\nCVE-2020-25632: Fixed a use-after-free in rmmod command (bsc#1176711)\n\nCVE-2020-25647: Fixed an out-of-bound write in\ngrub_usb_device_initialize() (bsc#1177883)\n\nCVE-2020-27749: Fixed a stack-based buffer overflow in\ngrub_parser_split_cmdline (bsc#1179264)\n\nCVE-2020-27779, CVE-2020-14372: Disallow cutmem and acpi commands in\nsecure boot mode (bsc#1179265 bsc#1175970)\n\nCVE-2021-20225: Fixed a heap out-of-bounds write in short form option\nparser (bsc#1182262)\n\nCVE-2021-20233: Fixed a heap out-of-bound write due to mis-calculation\nof space required for quoting (bsc#1182263)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-14372/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27749/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27779/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20225/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20233/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210685-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d16979c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-685=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2021-685=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-685=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-685=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:grub2-s390x-emu\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"grub2-2.02-19.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"grub2-debuginfo-2.02-19.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"grub2-debugsource-2.02-19.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"grub2-s390x-emu-2.02-19.66.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:12:01", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2790 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-21T00:00:00", "type": "nessus", "title": "RHEL 8 : shim and fwupd (RHSA-2021:2790)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:fwupd", "p-cpe:/a:redhat:enterprise_linux:shim-aa64", "p-cpe:/a:redhat:enterprise_linux:shim-ia32", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-aarch64", "p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64", "p-cpe:/a:redhat:enterprise_linux:shim-x64"], "id": "REDHAT-RHSA-2021-2790.NASL", "href": "https://www.tenable.com/plugins/nessus/151844", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2790. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151844);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2790\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"RHEL 8 : shim and fwupd (RHSA-2021:2790)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2790 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 184, 285, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:fwupd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-unsigned-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:shim-x64\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'fwupd-1.1.4-9.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-aa64-15.4-2.el8_1', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-ia32-15.4-2.el8_1', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-aarch64-15-7.el8_1', 'sp':'2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-unsigned-x64-15.4-4.el8_1', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shim-x64-15.4-2.el8_1', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupd / shim-aa64 / shim-ia32 / shim-unsigned-aarch64 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:45", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:2566 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-03T00:00:00", "type": "nessus", "title": "CentOS 8 : fwupd (CESA-2021:2566)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-07-03T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:fwupd"], "id": "CENTOS8_RHSA-2021-2566.NASL", "href": "https://www.tenable.com/plugins/nessus/151362", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:2566. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151362);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/03\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2566\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"CentOS 8 : fwupd (CESA-2021:2566)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2021:2566 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2566\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected fwupd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:fwupd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'fwupd-1.5.9-1.el8_4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fwupd-1.5.9-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:30:32", "description": "According to the versions of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.(CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25647)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : grub2 (EulerOS-SA-2021-1927)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2021-06-07T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:grub2-common", "p-cpe:/a:huawei:euleros:grub2-efi-x64", "p-cpe:/a:huawei:euleros:grub2-efi-x64-modules", "p-cpe:/a:huawei:euleros:grub2-pc", "p-cpe:/a:huawei:euleros:grub2-pc-modules", "p-cpe:/a:huawei:euleros:grub2-tools", "p-cpe:/a:huawei:euleros:grub2-tools-efi", "p-cpe:/a:huawei:euleros:grub2-tools-extra", "p-cpe:/a:huawei:euleros:grub2-tools-minimal", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1927.NASL", "href": "https://www.tenable.com/plugins/nessus/150210", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150210);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/07\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : grub2 (EulerOS-SA-2021-1927)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the grub2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address\n ranges from memory creating an opportunity to\n circumvent SecureBoot protections after proper triage\n about grub's memory layout. The highest threat from\n this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06,\n where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows\n an attacker with privileged access to craft a Secondary\n System Description Table (SSDT) containing code to\n overwrite the Linux kernel lockdown variable content\n directly into memory. The table is further loaded and\n executed by the kernel, defeating its Secure Boot\n lockdown and allowing the attacker to load unsigned\n code. The highest threat from this vulnerability is to\n data confidentiality and integrity, as well as system\n availability.(CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any\n other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary\n code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability\n is to data confidentiality and integrity as well as\n system availability.(CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n The option parser allows an attacker to write past the\n end of a heap-allocated buffer by calling certain\n commands with a large number of specific short forms of\n options. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as system\n availability.(CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Setparam_prefix() in the menu rendering code performs a\n length calculation on the assumption that expressing a\n quoted single quote will require 3 characters, while it\n actually requires 4 characters which allows an attacker\n to corrupt memory by one byte for each quote in the\n input. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system\n availability.(CVE-2021-20233)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n Variable names present are expanded in the supplied\n command line into their corresponding variable\n contents, using a 1kB stack buffer for temporary\n storage, without sufficient bounds checking. If the\n function is called with a command line that references\n a variable with a sufficiently large payload, it is\n possible to overflow the stack buffer, corrupt the\n stack frame and control execution which could also\n circumvent Secure Boot protections. The highest threat\n from this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06.\n During USB device initialization, descriptors are read\n with very little bounds checking and assumes the USB\n device is providing sane values. If properly exploited,\n an attacker could trigger memory corruption leading to\n arbitrary code execution allowing a bypass of the\n Secure Boot mechanism. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-25647)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1927\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a2420ed7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected grub2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"grub2-common-2.02-73.h26.eulerosv2r9\",\n \"grub2-efi-x64-2.02-73.h26.eulerosv2r9\",\n \"grub2-efi-x64-modules-2.02-73.h26.eulerosv2r9\",\n \"grub2-pc-2.02-73.h26.eulerosv2r9\",\n \"grub2-pc-modules-2.02-73.h26.eulerosv2r9\",\n \"grub2-tools-2.02-73.h26.eulerosv2r9\",\n \"grub2-tools-efi-2.02-73.h26.eulerosv2r9\",\n \"grub2-tools-extra-2.02-73.h26.eulerosv2r9\",\n \"grub2-tools-minimal-2.02-73.h26.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"grub2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-12T13:31:16", "description": "The remote Rocky Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2021:1734 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-07T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : shim (RLSA-2021:1734)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-11-07T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:shim-unsigned-aarch64", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2021-1734.NASL", "href": "https://www.tenable.com/plugins/nessus/184935", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:1734.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(184935);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/07\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n script_xref(name:\"RLSA\", value:\"2021:1734\");\n\n script_name(english:\"Rocky Linux 8 : shim (RLSA-2021:1734)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nRLSA-2021:1734 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:1734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected shim-unsigned-aarch64 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:shim-unsigned-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'shim-unsigned-aarch64-15-7.el8.1.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'shim-unsigned-aarch64');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-12T15:31:48", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:0696 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : grub2 (ALSA-2021:0696)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-11-10T00:00:00", "cpe": ["p-cpe:/a:alma:linux:grub2-common", "p-cpe:/a:alma:linux:grub2-efi-ia32", "p-cpe:/a:alma:linux:grub2-efi-ia32-cdboot", "p-cpe:/a:alma:linux:grub2-efi-ia32-modules", "p-cpe:/a:alma:linux:grub2-efi-x64", "p-cpe:/a:alma:linux:grub2-efi-x64-cdboot", "p-cpe:/a:alma:linux:grub2-efi-x64-modules", "p-cpe:/a:alma:linux:grub2-pc", "p-cpe:/a:alma:linux:grub2-pc-modules", "p-cpe:/a:alma:linux:grub2-tools", "p-cpe:/a:alma:linux:grub2-tools-efi", "p-cpe:/a:alma:linux:grub2-tools-extra", "p-cpe:/a:alma:linux:grub2-tools-minimal", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-0696.NASL", "href": "https://www.tenable.com/plugins/nessus/157607", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:0696.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157607);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/10\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"ALSA\", value:\"2021:0696\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"AlmaLinux 8 : grub2 (ALSA-2021:0696)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:0696 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-0696.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'grub2-common-2.02-90.el8_3.1.alma', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-90.el8_3.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-90.el8_3.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-90.el8_3.1.alma', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-90.el8_3.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-90.el8_3.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-90.el8_3.1.alma', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-90.el8_3.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-90.el8_3.1.alma', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.el8_3.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-90.el8_3.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.el8_3.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.el8_3.1.alma', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2-common / grub2-efi-ia32 / grub2-efi-ia32-cdboot / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:15:38", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0701 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "RHEL 7 : grub2 (RHSA-2021:0701)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-05-24T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:grub2", "p-cpe:/a:redhat:enterprise_linux:grub2-common", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot", "p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-pc", "p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le", "p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules", "p-cpe:/a:redhat:enterprise_linux:grub2-tools", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra", "p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal"], "id": "REDHAT-RHSA-2021-0701.NASL", "href": "https://www.tenable.com/plugins/nessus/146959", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0701. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146959);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/24\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0701\");\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"RHEL 7 : grub2 (RHSA-2021:0701)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0701 advisory.\n\n - grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled\n (CVE-2020-14372)\n\n - grub2: Use-after-free in rmmod command (CVE-2020-25632)\n\n - grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)\n\n - grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)\n\n - grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled\n (CVE-2020-27779)\n\n - grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)\n\n - grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1873150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1879577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1886936\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1899966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1900698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1924696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1926263\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(121, 184, 285, 416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-ppc64le-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:grub2-tools-minimal\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/os',\n 'content/eus/rhel/power/7/7.6/ppc64/optional/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/debug',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/os',\n 'content/eus/rhel/power/7/7.6/ppc64/sap/source/SRPMS',\n 'content/eus/rhel/power/7/7.6/ppc64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'grub2-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-common-2.02-0.86.el7_6.3', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-0.86.el7_6.3', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-0.86.el7_6.3', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-0.86.el7_6.3', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-0.86.el7_6.3', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc-modules-2.02-0.86.el7_6.3', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64-modules-2.02-0.86.el7_6.3', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-ppc64le-modules-2.02-0.86.el7_6.3', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.86.el7_6.3', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2 / grub2-common / grub2-efi-aa64-modules / grub2-efi-ia32 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:43:58", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has grub2 packages installed that are affected by multiple vulnerabilities:\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-28T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : grub2 Multiple Vulnerabilities (NS-SA-2021-0097)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:grub2", "p-cpe:/a:zte:cgsl_core:grub2-common", "p-cpe:/a:zte:cgsl_core:grub2-debuginfo", "p-cpe:/a:zte:cgsl_core:grub2-efi-ia32", "p-cpe:/a:zte:cgsl_core:grub2-efi-ia32-cdboot", "p-cpe:/a:zte:cgsl_core:grub2-efi-ia32-modules", "p-cpe:/a:zte:cgsl_core:grub2-efi-x64", "p-cpe:/a:zte:cgsl_core:grub2-efi-x64-cdboot", "p-cpe:/a:zte:cgsl_core:grub2-efi-x64-modules", "p-cpe:/a:zte:cgsl_core:grub2-i386-modules", "p-cpe:/a:zte:cgsl_core:grub2-lang", "p-cpe:/a:zte:cgsl_core:grub2-pc", "p-cpe:/a:zte:cgsl_core:grub2-pc-modules", "p-cpe:/a:zte:cgsl_core:grub2-tools", "p-cpe:/a:zte:cgsl_core:grub2-tools-extra", "p-cpe:/a:zte:cgsl_core:grub2-tools-minimal", "p-cpe:/a:zte:cgsl_main:grub2", "p-cpe:/a:zte:cgsl_main:grub2-common", "p-cpe:/a:zte:cgsl_main:grub2-debuginfo", "p-cpe:/a:zte:cgsl_main:grub2-efi-ia32", "p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-cdboot", "p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-modules", "p-cpe:/a:zte:cgsl_main:grub2-efi-x64", "p-cpe:/a:zte:cgsl_main:grub2-efi-x64-cdboot", "p-cpe:/a:zte:cgsl_main:grub2-efi-x64-modules", "p-cpe:/a:zte:cgsl_main:grub2-i386-modules", "p-cpe:/a:zte:cgsl_main:grub2-pc", "p-cpe:/a:zte:cgsl_main:grub2-pc-modules", "p-cpe:/a:zte:cgsl_main:grub2-tools", "p-cpe:/a:zte:cgsl_main:grub2-tools-extra", "p-cpe:/a:zte:cgsl_main:grub2-tools-minimal", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2021-0097_GRUB2.NASL", "href": "https://www.tenable.com/plugins/nessus/154609", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0097. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154609);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0349\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : grub2 Multiple Vulnerabilities (NS-SA-2021-0097)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has grub2 packages installed that are affected by\nmultiple vulnerabilities:\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0097\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-14372\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25632\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-25647\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-27749\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-27779\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-20225\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-20233\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL grub2 packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20233\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-i386-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-i386-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:grub2-tools-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.04': [\n 'grub2-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-common-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-debuginfo-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-efi-ia32-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-efi-ia32-cdboot-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-efi-ia32-modules-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-efi-x64-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-efi-x64-cdboot-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-efi-x64-modules-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-i386-modules-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-lang-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-pc-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-pc-modules-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-tools-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-tools-extra-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite',\n 'grub2-tools-minimal-2.02-0.87.el7.centos.2.cgslv5.0.6.gc208268.lite'\n ],\n 'CGSL MAIN 5.04': [\n 'grub2-2.02-0.87.el7.centos.2.cgslv5.0.4.ga708edf',\n 'grub2-common-2.02-0.87.el7.centos.2.cgslv5.0.4.ga708edf',\n 'grub2-debuginfo-2.02-0.87.el7.centos.2.cgslv5.0.4.ga708edf',\n 'grub2-efi-ia32-2.02-0.87.el7.centos.2.cgslv5.0.4.ga708edf',\n 'grub2-efi-ia32-cdboot-2.02-0.87.el7.centos.2.cgslv5.0.4.
CVE-2020-25632
