EulerOS 2.0 SP5 : spice (EulerOS-SA-2019-1012)

🗓️ 08 Jan 2019 00:00:00Reported by TenableType

EulerOS 2.0 SP5 spice package vulnerabilit

Reporter	Title	Published	Views	Family All 134
IBM Security Bulletins	Security Bulletin: A vulnerability in SPICE affects PowerKVM	17 Dec 201814:25	–	ibm
IBM Security Bulletins	Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-s, 1801-t and 1801-u	5 Dec 201822:20	–	ibm
AlpineLinux	CVE-2018-10873	17 Aug 201812:00	–	alpinelinux
BDU FSTEC	The vulnerability of the `write_validate_array_item()` function in the SPICE rendering system’s “demarshal.py” file, related to insufficient input data validation, allows attackers to access confidential information or cause service failures.	5 Feb 201900:00	–	bdu_fstec
Tenable Nessus	CentOS 7 : spice / spice-gtk (CESA-2018:2731)	1 Oct 201800:00	–	nessus
Tenable Nessus	CentOS 6 : spice-gtk / spice-server (CESA-2018:2732)	1 Oct 201800:00	–	nessus
Tenable Nessus	Debian DLA-1486-1 : spice security update	4 Sep 201800:00	–	nessus
Tenable Nessus	Debian DLA-1489-1 : spice-gtk security update	4 Sep 201800:00	–	nessus
Tenable Nessus	Debian DSA-4319-1 : spice - security update	16 Oct 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : spice-gtk (EulerOS-SA-2018-1355)	6 Nov 201800:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(121000);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/27");

  script_cve_id("CVE-2018-10873");

  script_name(english:"EulerOS 2.0 SP5 : spice (EulerOS-SA-2019-1012)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the spice package installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :

  - Missing check in
    demarshal.py:write_validate_array_item() allows for
    buffer overflow and denial of service (CVE-2018-10873)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1012
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c2a0c073");
  script_set_attribute(attribute:"solution", value:
"Update the affected spice package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10873");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:spice-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["spice-server-0.14.0-2.5.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "spice");
}

27 Jun 2024 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 26.5

CVSS 38.3 - 8.8

EPSS0.01046