Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2018-1406.NASL
HistoryDec 11, 2018 - 12:00 a.m.

EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1406)

2018-12-1100:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members.(CVE-2018-13405)

  • fuse-backed file mmap-ed onto process cmdline arguments causes denial of service.(CVE-2018-1120)

  • The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn’t properly validate the sigevent-sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).(CVE-2017-18344)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(119565);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/10");

  script_cve_id(
    "CVE-2017-18344",
    "CVE-2018-1120",
    "CVE-2018-13405"
  );

  script_name(english:"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1406)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - Missing check in fs/inode.c:inode_init_owner() does not
    clear SGID bit on non-directories for
    non-members.(CVE-2018-13405)

  - fuse-backed file mmap-ed onto process cmdline arguments
    causes denial of service.(CVE-2018-1120)

  - The timer_create syscall implementation in
    kernel/time/posix-timers.c in the Linux kernel before
    4.14.8 doesn't properly validate the
    sigevent-sigev_notify field, which leads to
    out-of-bounds access in the show_timer function (called
    when /proc/PID/timers is read). This allows userspace
    applications to read arbitrary kernel memory (on a
    kernel built with CONFIG_POSIX_TIMERS and
    CONFIG_CHECKPOINT_RESTORE).(CVE-2017-18344)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1406
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a0c8369c");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["kernel-3.10.0-514.44.5.10.h153",
        "kernel-debuginfo-3.10.0-514.44.5.10.h153",
        "kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h153",
        "kernel-devel-3.10.0-514.44.5.10.h153",
        "kernel-headers-3.10.0-514.44.5.10.h153",
        "kernel-tools-3.10.0-514.44.5.10.h153",
        "kernel-tools-libs-3.10.0-514.44.5.10.h153",
        "perf-3.10.0-514.44.5.10.h153",
        "python-perf-3.10.0-514.44.5.10.h153"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
huaweieuleroskernelp-cpe:/a:huawei:euleros:kernel
huaweieuleroskernel-debuginfop-cpe:/a:huawei:euleros:kernel-debuginfo
huaweieuleroskernel-debuginfo-common-x86_64p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64
huaweieuleroskernel-develp-cpe:/a:huawei:euleros:kernel-devel
huaweieuleroskernel-headersp-cpe:/a:huawei:euleros:kernel-headers
huaweieuleroskernel-toolsp-cpe:/a:huawei:euleros:kernel-tools
huaweieuleroskernel-tools-libsp-cpe:/a:huawei:euleros:kernel-tools-libs
huaweieulerosperfp-cpe:/a:huawei:euleros:perf
huaweieulerospython-perfp-cpe:/a:huawei:euleros:python-perf
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

openvas 28
nessus 70
oraclelinux 5
exploitpack 1
f5 3
packetstorm 1
redhatcve 5
canvas 1
zdt 2
cve 5
veracode 3
osv 8
virtuozzo 7
ubuntucve 5
prion 5
debiancve 5
centos 3
redhat 21
exploitdb 1
suse 2
debian 3
almalinux 1
rocky 1
fedora 3
cnvd 1
amazon 2
ibm 1
photon 1
mageia 1
ubuntu 3
gentoo 1
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1406)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1369)
2020-01-23 00:00:00
CentOS Update for kernel CESA-2019:0717 centos6
2019-04-13 00:00:00
nessus
nessus
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4211)
2018-09-12 00:00:00
Virtuozzo 7 : readykernel-patch (VZA-2018-050)
2018-08-07 00:00:00
EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1369)
2018-11-21 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-09-10 00:00:00
kernel security and bug fix update
2019-04-11 00:00:00
Unbreakable Enterprise kernel security update
2018-09-13 00:00:00
exploitpack
exploitpack
Linux Kernel 4.14.7 (Ubuntu 16.04 CentOS 7) - (KASLR SMEP Bypass) Arbitrary File Read
2018-08-09 00:00:00
f5
f5
K07020416 : Linux kernel vulnerability CVE-2017-18344
2020-12-08 00:00:00
K00854051 : Linux kernel vulnerability CVE-2018-13405
2019-05-09 00:00:00
K42202505 : Linux kernel vulnerability CVE-2018-1120
2020-12-09 00:00:00
packetstorm
packetstorm
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) Arbitrary File Read
2018-08-09 00:00:00
redhatcve
redhatcve
CVE-2017-18344
2018-08-01 17:49:05
CVE-2018-13405
2019-10-20 12:07:00
CVE-2018-1120
2020-01-07 21:28:06
canvas
canvas
Immunity Canvas: SHOW_TIMER_LEAK
2018-07-26 19:29:00
zdt
zdt
Linux Kernel 4.14.7 ( Ubuntu 16.04 / CentOS 7) Arbitrary File Read Exploit
2018-08-09 00:00:00
Linux Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Exploit
2018-07-16 00:00:00
cve
cve
CVE-2017-18344
2018-07-26 19:29:00
CVE-2018-13405
2018-07-06 14:29:00
CVE-2018-1120
2018-06-20 13:29:00
veracode
veracode
Information Disclosure
2019-01-15 09:26:26
Privilege Escalation
2019-05-16 03:18:36
Denial Of Service (DoS)
2019-05-16 03:18:36
osv
osv
CVE-2017-18344
2018-07-26 19:29:00
CVE-2018-13405
2018-07-06 14:29:01
CVE-2018-1120
2018-06-20 13:29:00
virtuozzo
virtuozzo
Important kernel security update: CVE-2017-18344; Virtuozzo ReadyKernel patch 56.0 for all supported Virtuozzo 7.0 kernels
2018-08-06 00:00:00
Important kernel security update: CVE-2017-18344; Virtuozzo ReadyKernel patch 56.0 for Virtuozzo 7.0.8
2018-08-09 00:00:00
Important kernel security update: New kernel 2.6.32-042stab137.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2019-04-30 00:00:00
ubuntucve
ubuntucve
CVE-2017-18344
2018-07-26 00:00:00
CVE-2018-13405
2018-07-06 00:00:00
CVE-2018-1120
2018-05-17 00:00:00
prion
prion
Design/Logic Flaw
2018-07-26 19:29:00
Design/Logic Flaw
2018-07-06 14:29:00
Design/Logic Flaw
2018-06-20 13:29:00
debiancve
debiancve
CVE-2017-18344
2018-07-26 19:29:00
CVE-2018-13405
2018-07-06 14:29:00
CVE-2018-1120
2018-06-20 13:29:00
centos
centos
kernel, perf, python security update
2019-04-12 13:58:58
bpftool, kernel, perf, python security update
2023-03-08 16:36:50
bpftool, kernel, perf, python security update
2022-08-15 17:35:43
redhat
redhat
(RHSA-2019:0717) Important: kernel security and bug fix update
2019-04-09 13:02:02
(RHSA-2019:2566) Important: kernel security, bug fix, and enhancement update
2019-08-27 10:11:44
(RHSA-2020:3810) Moderate: kernel-rt security and bug fix update
2020-09-22 14:41:35
exploitdb
exploitdb
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR &amp; SMEP Bypass) Arbitrary File Read
2018-08-09 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2018-08-07 21:10:43
Security update for the Linux Kernel (important)
2018-07-28 15:09:53
debian
debian
[SECURITY] [DSA 4266-1] linux security update
2018-08-06 18:39:46
[SECURITY] [DSA 4266-1] linux security update
2018-08-06 18:39:46
[SECURITY] [DLA 1466-1] linux-4.9 security update
2018-08-15 12:18:26
almalinux
almalinux
Moderate: virt:rhel and virt-devel:rhel security update
2022-03-15 09:10:17
rocky
rocky
virt:rhel and virt-devel:rhel security update
2022-03-15 09:10:17
fedora
fedora
[SECURITY] Fedora 35 Update: qemu-6.1.0-14.fc35
2022-02-15 01:38:50
[SECURITY] Fedora 34 Update: qemu-5.2.0-9.fc34
2022-02-25 17:03:11
[SECURITY] Fedora 28 Update: kernel-4.16.10-300.fc28
2018-05-23 15:43:22
cnvd
cnvd
QEMU Elevation of Privilege Vulnerability (CNVD-2022-84163)
2022-01-27 00:00:00
amazon
amazon
Important: kernel
2018-06-08 18:33:00
Important: kernel
2018-06-08 18:08:00
ibm
ibm
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801q
2018-10-10 21:05:01
photon
photon
Important Photon OS Security Update - PHSA-2018-0169
2018-07-31 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2018-05-31 23:34:08
ubuntu
ubuntu
Linux kernel vulnerabilities
2018-08-14 00:00:00
Linux kernel (Trusty HWE) regressions
2018-08-21 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2018-08-14 00:00:00
gentoo
gentoo
procps: Multiple vulnerabilities
2018-05-30 00:00:00
JSON
Related for EULEROS_SA-2018-1406.NASL
openvas28nessus70oraclelinux5exploitpack1f53packetstorm1redhatcve5canvas1zdt2cve5veracode3osv8virtuozzo7ubuntucve5prion5debiancve5centos3redhat21exploitdb1suse2debian3almalinux1rocky1fedora3cnvd1amazon2ibm1photon1mageia1ubuntu3gentoo1