Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2018-1272.NASL
HistorySep 18, 2018 - 12:00 a.m.

EulerOS Virtualization 2.5.1 : glibc (EulerOS-SA-2018-1272)

2018-09-1800:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

According to the version of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  • The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.(CVE-2014-9402)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(117581);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2014-9402"
  );
  script_bugtraq_id(
    71670
  );

  script_name(english:"EulerOS Virtualization 2.5.1 : glibc (EulerOS-SA-2018-1272)");
  script_summary(english:"Checks the rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the glibc packages installed, the EulerOS
Virtualization installation on the remote host is affected by the
following vulnerability :

  - The nss_dns implementation of getnetbyname in GNU C
    Library (aka glibc) before 2.21, when the DNS backend
    in the Name Service Switch configuration is enabled,
    allows remote attackers to cause a denial of service
    (infinite loop) by sending a positive answer while a
    network name is being process.(CVE-2014-9402)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1272
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?55f2cf0e");
  script_set_attribute(attribute:"solution", value:
"Update the affected glibc package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/07/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.1");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.5.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.1");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["glibc-2.17-157.h14",
        "glibc-common-2.17-157.h14",
        "glibc-devel-2.17-157.h14",
        "glibc-headers-2.17-157.h14",
        "nscd-2.17-157.h14"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
}
VendorProductVersionCPE
huaweieulerosglibcp-cpe:/a:huawei:euleros:glibc
huaweieulerosglibc-commonp-cpe:/a:huawei:euleros:glibc-common
huaweieulerosglibc-develp-cpe:/a:huawei:euleros:glibc-devel
huaweieulerosglibc-headersp-cpe:/a:huawei:euleros:glibc-headers
huaweieulerosnscdp-cpe:/a:huawei:euleros:nscd
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:2.5.1

Related

f5 2
debiancve 1
prion 1
nessus 24
openvas 16
ubuntucve 1
cve 1
debian 2
archlinux 1
mageia 1
fedora 1
ibm 10
ubuntu 1
securityvulns 2
redhat 1
centos 1
amazon 1
oraclelinux 2
osv 1
gentoo 1
packetstorm 2
oracle 1
f5
f5
K16365 : glibc vulnerability CVE-2014-9402
2015-07-23 00:00:00
SOL16365 - GNU C Library (glibc) vulnerability CVE-2014-9402
2015-04-03 00:00:00
debiancve
debiancve
CVE-2014-9402
2015-02-24 15:59:00
prion
prion
Design/Logic Flaw
2015-02-24 15:59:00
nessus
nessus
RHEL 5 / 6 / 7 : glibc (CVE-2014-9402)
2016-02-19 00:00:00
F5 Networks BIG-IP : glibc vulnerability (K16365)
2018-12-18 00:00:00
Debian DLA-122-1 : eglibc security update
2015-03-26 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2018-1272)
2020-01-23 00:00:00
Debian: Security Advisory (DLA-122-1)
2023-03-08 00:00:00
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2017-1147)
2020-01-23 00:00:00
ubuntucve
ubuntucve
CVE-2014-9402
2015-02-24 00:00:00
cve
cve
CVE-2014-9402
2015-02-24 15:59:00
debian
debian
[SECURITY] [DLA 122-1] eglibc security update
2014-12-22 23:19:26
[SECURITY] [DSA 3169-1] eglibc security update
2015-02-23 06:08:58
archlinux
archlinux
glibc: arbitrary code execution
2014-12-18 00:00:00
mageia
mageia
Updated glibc packages fix security vulnerabilities
2015-01-08 15:24:22
fedora
fedora
[SECURITY] Fedora 21 Update: glibc-2.20-8.fc21
2015-03-04 10:27:01
ibm
ibm
Security Bulletin: Vulnerabilities in GNU C Library Affect Power Hardware Management Console (CVE-2013-7423, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472)
2021-09-23 01:31:39
Security Bulletin: Vulnerabilities in glibc affect IBM Integrated Management Module II (IMM2) for System x, BladeCenter and Flex Systems (CVE-2015-1472, CVE-2013-7423, CVE-2014-7817, CVE-2014-9402)
2023-04-18 18:22:18
Security Bulletin: Multiple vulnerabilities in glibc affect IBM Flex System Manager(FSM) (CVE-2013-7423, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472)
2019-01-31 01:45:01
ubuntu
ubuntu
GNU C Library vulnerabilities
2015-02-26 00:00:00
securityvulns
securityvulns
GNU glibc multiple security vulnerabilities
2015-03-07 00:00:00
[SECURITY] [DSA 3169-1] eglibc security update
2015-03-07 00:00:00
redhat
redhat
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update
2018-04-10 05:01:26
centos
centos
glibc, nscd security update
2018-04-26 17:41:43
amazon
amazon
Important: glibc
2018-05-10 17:45:00
oraclelinux
oraclelinux
glibc security update
2018-04-18 00:00:00
glibc security, bug fix, and enhancement update
2018-04-16 00:00:00
osv
osv
eglibc - security update
2015-02-23 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2016-02-17 00:00:00
packetstorm
packetstorm
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
2019-09-04 00:00:00
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
2019-06-13 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00
JSON
Related for EULEROS_SA-2018-1272.NASL
f52debiancve1prion1nessus24openvas16ubuntucve1cve1debian2archlinux1mageia1fedora1ibm10ubuntu1securityvulns2redhat1centos1amazon1oraclelinux2osv1gentoo1packetstorm2oracle1