Lucene search
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2018-1407.NASLHistoryDec 28, 2018 - 12:00 a.m.
EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1407)
2018-12-2800:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
33
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :
- An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking.
This is similar to CVE-2018-10940.(CVE-2018-16658)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(119896);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id(
"CVE-2018-16658"
);
script_name(english:"EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1407)");
script_summary(english:"Checks the rpm output for the updated package.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the kernel packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerability :
- An issue was discovered in the Linux kernel before
4.18.6. An information leak in cdrom_ioctl_drive_status
in drivers/cdrom/cdrom.c could be used by local
attackers to read kernel memory because a cast from
unsigned long to int interferes with bounds checking.
This is similar to CVE-2018-10940.(CVE-2018-16658)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1407
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?67fe5784");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"patch_publication_date", value:"2018/12/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.5.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.2");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["kernel-3.10.0-514.44.5.10_112",
"kernel-devel-3.10.0-514.44.5.10_112",
"kernel-headers-3.10.0-514.44.5.10_112",
"kernel-tools-3.10.0-514.44.5.10_112",
"kernel-tools-libs-3.10.0-514.44.5.10_112",
"kernel-tools-libs-devel-3.10.0-514.44.5.10_112"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | kernel | p-cpe:/a:huawei:euleros:kernel |
| huawei | euleros | kernel-devel | p-cpe:/a:huawei:euleros:kernel-devel |
| huawei | euleros | kernel-headers | p-cpe:/a:huawei:euleros:kernel-headers |
| huawei | euleros | kernel-tools | p-cpe:/a:huawei:euleros:kernel-tools |
| huawei | euleros | kernel-tools-libs | p-cpe:/a:huawei:euleros:kernel-tools-libs |
| huawei | euleros | kernel-tools-libs-devel | p-cpe:/a:huawei:euleros:kernel-tools-libs-devel |
| huawei | euleros | uvp | cpe:/o:huawei:euleros:uvp:2.5.2 |
Related
f5
f5
K40523020 : Linux kernel vulnerability CVE-2018-16658
2019-01-31 00:00:00
K11165942 : Linux kernel vulnerability CVE-2018-18710
2019-01-21 00:00:00
nessus
nessus
F5 Networks BIG-IP : Linux kernel vulnerability (K40523020)
2021-03-10 00:00:00
EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1373)
2018-11-21 00:00:00
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4288)
2018-11-29 00:00:00
prion
prion
Out-of-bounds
2018-09-07 14:29:00
Design/Logic Flaw
2018-10-29 12:29:00
Out-of-bounds
2018-05-09 17:29:00
cve
cve
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1407)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1373)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1189)
2020-01-23 00:00:00
ubuntucve
ubuntucve
debiancve
debiancve
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-11-28 00:00:00
Unbreakable Enterprise kernel security update
2018-09-26 00:00:00
Unbreakable Enterprise kernel security update
2018-12-09 00:00:00
redhatcve
redhatcve
CVE-2018-16658
2018-09-11 11:24:52
CVE-2018-10940
2020-02-05 01:50:30
veracode
veracode
Information Disclosure
2019-08-08 00:07:16
Memory Corruption And Code Execution
2019-05-16 03:18:35
fedora
fedora
[SECURITY] Fedora 28 Update: kernel-headers-4.18.7-200.fc28
2018-09-14 23:14:35
[SECURITY] Fedora 28 Update: kernel-tools-4.18.7-200.fc28
2018-09-14 23:14:36
suse
suse
Security update for the Linux Kernel (important)
2018-11-07 21:11:37
Security update for the Linux Kernel (important)
2018-11-20 21:08:45
Security update for the Linux Kernel (important)
2018-09-16 15:07:35
amazon
amazon
Important: kernel
2018-10-08 22:12:00
Important: kernel
2018-10-03 02:57:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2018-11-14 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2018-06-11 00:00:00
Linux kernel vulnerabilities
2018-06-11 00:00:00
cloudfoundry
cloudfoundry
USN-3676-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-06-20 00:00:00
USN-3820-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
2018-11-20 00:00:00
USN-3797-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-10-25 00:00:00
debian
debian
[SECURITY] [DLA 1392-1] linux security update
2018-06-01 11:08:06
[SECURITY] [DLA 1422-2] linux security update
2018-07-15 03:01:36
[SECURITY] [DLA 1422-1] linux security update
2018-07-14 19:32:04
osv
osv
linux - security update
2018-06-01 00:00:00
linux - security update
2018-07-14 00:00:00
linux - security update
2018-10-01 00:00:00
redhat
redhat
photon
photon
Important Photon OS Security Update - PHSA-2018-0041
2018-05-03 00:00:00
Important Photon OS Security Update - PHSA-2018-0190
2018-09-25 00:00:00
Important Photon OS Security Update - PHSA-2018-0101
2018-10-10 00:00:00
ibm
ibm
Related for EULEROS_SA-2018-1407.NASL