Lucene search
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2018-1296.NASLHistorySep 27, 2018 - 12:00 a.m.
EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1296)
2018-09-2700:00:00
This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
-
A an integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.(CVE-2018-8781)
-
ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access.(CVE-2018-7566)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(117740);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/10");
script_cve_id("CVE-2018-7566", "CVE-2018-8781");
script_name(english:"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1296)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- A an integer overflow vulnerability was discovered in
the Linux kernel, from version 3.4 through 4.15, in the
drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An
attacker with access to the udldrmfb driver could
exploit this to obtain full read and write permissions
on kernel physical pages, resulting in a code execution
in kernel space.(CVE-2018-8781)
- ALSA sequencer core initializes the event pool on
demand by invoking snd_seq_pool_init() when the first
write happens and the pool is empty. A user can reset
the pool size manually via ioctl concurrently, and this
may lead to UAF or out-of-bound access.(CVE-2018-7566)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1296
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b1c0b0c7");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8781");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"patch_publication_date", value:"2018/09/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["kernel-3.10.0-327.62.59.83.h108",
"kernel-debug-3.10.0-327.62.59.83.h108",
"kernel-debug-devel-3.10.0-327.62.59.83.h108",
"kernel-debuginfo-3.10.0-327.62.59.83.h108",
"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h108",
"kernel-devel-3.10.0-327.62.59.83.h108",
"kernel-headers-3.10.0-327.62.59.83.h108",
"kernel-tools-3.10.0-327.62.59.83.h108",
"kernel-tools-libs-3.10.0-327.62.59.83.h108",
"perf-3.10.0-327.62.59.83.h108",
"python-perf-3.10.0-327.62.59.83.h108"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | kernel | p-cpe:/a:huawei:euleros:kernel |
| huawei | euleros | kernel-debug | p-cpe:/a:huawei:euleros:kernel-debug |
| huawei | euleros | kernel-debug-devel | p-cpe:/a:huawei:euleros:kernel-debug-devel |
| huawei | euleros | kernel-debuginfo | p-cpe:/a:huawei:euleros:kernel-debuginfo |
| huawei | euleros | kernel-debuginfo-common-x86_64 | p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64 |
| huawei | euleros | kernel-devel | p-cpe:/a:huawei:euleros:kernel-devel |
| huawei | euleros | kernel-headers | p-cpe:/a:huawei:euleros:kernel-headers |
| huawei | euleros | kernel-tools | p-cpe:/a:huawei:euleros:kernel-tools |
| huawei | euleros | kernel-tools-libs | p-cpe:/a:huawei:euleros:kernel-tools-libs |
| huawei | euleros | perf | p-cpe:/a:huawei:euleros:perf |
Related
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1296)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1262)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1035-1)
2021-04-19 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-08-16 00:00:00
veracode
veracode
Memory Corruption
2019-05-16 03:11:34
Remote Code Execution (RCE)
2019-05-16 03:18:38
nessus
nessus
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0991-1)
2018-04-23 00:00:00
EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1262)
2018-09-18 00:00:00
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4200)
2018-08-20 00:00:00
f5
f5
K25835344 : Linux kernel vulnerability CVE-2018-8781
2018-05-14 00:00:00
K03564319 : Linux kernel vulnerability CVE-2018-7566
2018-09-10 00:00:00
ubuntucve
ubuntucve
CVE-2018-8781
2018-04-23 00:00:00
CVE-2018-7566
2018-03-30 00:00:00
cve
cve
CVE-2018-8781
2018-04-23 19:29:00
CVE-2018-7566
2018-03-30 21:29:00
debiancve
debiancve
CVE-2018-8781
2018-04-23 19:29:00
CVE-2018-7566
2018-03-30 21:29:00
redhatcve
redhatcve
CVE-2018-7566
2018-03-01 09:48:52
CVE-2018-8781
2020-03-29 13:52:40
suse
suse
prion
prion
Integer overflow
2018-04-23 19:29:00
Buffer overflow
2018-03-30 21:29:00
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2019-02-12 15:40:01
ubuntu
ubuntu
Linux kernel (Trusty HWE) vulnerabilities
2018-06-11 00:00:00
Linux kernel vulnerabilities
2018-06-11 00:00:00
Related for EULEROS_SA-2018-1296.NASL