According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)
An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573)
A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(99905);
script_version("1.77");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id(
"CVE-2016-5139",
"CVE-2016-5158",
"CVE-2016-5159",
"CVE-2016-7163",
"CVE-2016-9573",
"CVE-2016-9675"
);
script_name(english:"EulerOS 2.0 SP2 : openjpeg (EulerOS-SA-2017-1060)");
script_summary(english:"Checks the rpm output for the updated packages.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the openjpeg package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- Multiple integer overflow flaws, leading to heap-based
buffer overflows, were found in OpenJPEG. A specially
crafted JPEG2000 image could cause an application using
OpenJPEG to crash or, potentially, execute arbitrary
code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159,
CVE-2016-7163)
- An out-of-bounds read vulnerability was found in
OpenJPEG, in the j2k_to_image tool. Converting a
specially crafted JPEG2000 file to another format could
cause the application to crash or, potentially,
disclose some data from the heap. (CVE-2016-9573)
- A heap-based buffer overflow vulnerability was found in
OpenJPEG. A specially crafted JPEG2000 image, when read
by an application using OpenJPEG, could cause the
application to crash or, potentially, execute arbitrary
code. (CVE-2016-9675)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1060
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2a3feb88");
script_set_attribute(attribute:"solution", value:
"Update the affected openjpeg packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"patch_publication_date", value:"2017/03/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openjpeg-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["openjpeg-libs-1.5.1-16"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjpeg");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5158
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5159
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7163
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9675
www.nessus.org/u?2a3feb88