Lucene search
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2018-1005.NASLHistoryJan 19, 2018 - 12:00 a.m.
EulerOS 2.0 SP1 : ncurses (EulerOS-SA-2018-1005)
2018-01-1900:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
According to the version of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.(CVE-2017-16879)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(106146);
script_version("3.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id(
"CVE-2017-16879"
);
script_name(english:"EulerOS 2.0 SP1 : ncurses (EulerOS-SA-2018-1005)");
script_summary(english:"Checks the rpm output for the updated package.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the ncurses packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerability :
- Stack-based buffer overflow in the _nc_write_entry
function in tinfo/write_entry.c in ncurses 6.0 allows
attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted
terminfo file, as demonstrated by tic.(CVE-2017-16879)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1005
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9d6c38f1");
script_set_attribute(attribute:"solution", value:
"Update the affected ncurses package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"patch_publication_date", value:"2018/01/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-term");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["ncurses-5.9-13.20130511.h1",
"ncurses-base-5.9-13.20130511.h1",
"ncurses-devel-5.9-13.20130511.h1",
"ncurses-libs-5.9-13.20130511.h1",
"ncurses-term-5.9-13.20130511.h1"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ncurses");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | ncurses | p-cpe:/a:huawei:euleros:ncurses |
| huawei | euleros | ncurses-base | p-cpe:/a:huawei:euleros:ncurses-base |
| huawei | euleros | ncurses-devel | p-cpe:/a:huawei:euleros:ncurses-devel |
| huawei | euleros | ncurses-libs | p-cpe:/a:huawei:euleros:ncurses-libs |
| huawei | euleros | ncurses-term | p-cpe:/a:huawei:euleros:ncurses-term |
| huawei | euleros | 2.0 | cpe:/o:huawei:euleros:2.0 |
Related
nessus
nessus
EulerOS 2.0 SP2 : ncurses (EulerOS-SA-2018-1006)
2018-01-19 00:00:00
Photon OS 1.0: Ncurses PHSA-2017-1.0-0093
2019-02-07 00:00:00
Photon OS 2.0: Ncurses PHSA-2017-0053
2019-02-07 00:00:00
cve
cve
CVE-2017-16879
2017-11-22 22:29:00
debiancve
debiancve
CVE-2017-16879
2017-11-22 22:29:00
redhatcve
redhatcve
CVE-2017-16879
2017-11-27 17:20:48
ubuntucve
ubuntucve
CVE-2017-16879
2017-11-22 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2018-1005)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2018-1006)
2020-01-23 00:00:00
Ubuntu: Security Advisory (USN-5477-1)
2022-08-26 00:00:00
prion
prion
Stack overflow
2017-11-22 22:29:00
alpinelinux
alpinelinux
CVE-2017-16879
2017-11-22 22:29:00
osv
osv
CVE-2017-16879
2017-11-22 22:29:00
ncurses vulnerabilities
2022-06-14 11:17:52
photon
photon
Important Photon OS Security Update - PHSA-2017-0006
2017-12-13 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2017-1.0-0093
2017-12-18 00:00:00
Critical Photon OS Security Update - PHSA-2017-0093
2017-12-18 00:00:00
ubuntu
ubuntu
ncurses vulnerabilities
2022-06-14 00:00:00
ibm
ibm
suse
suse
Security update for ncurses (important)
2017-12-01 18:16:43
mageia
mageia
Updated ncurses packages fix security vulnerabilities
2018-01-01 04:17:34
gentoo
gentoo
ncurses: Multiple vulnerabilities
2018-04-17 00:00:00
Related for EULEROS_SA-2018-1005.NASL