Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-1108.NASL
HistoryMar 26, 2019 - 12:00 a.m.

EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1108)

2019-03-2600:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
41
JSON

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • A flaw was discovered in the Linux kernel’s USB subsystem in the __usb_get_extra_descriptor() function in the drivers/usb/core/usb.c which mishandles a size check during the reading of an extra descriptor data.
    By using a specially crafted USB device which sends a forged extra descriptor, an unprivileged user with physical access to the system can potentially cause a privilege escalation or trigger a system crash or lock up and thus to cause a denial of service (DoS).(CVE-2018-20169)

  • Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused.(CVE-2018-18281)

  • A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service. (CVE-2017-18360)

  • A flaw was found in the Linux kernel’s ext4 filesystem.
    A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881)

  • A flaw was found in the Linux kernel’s ext4 filesystem.
    A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.(CVE-2018-10878)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(123121);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/20");

  script_cve_id(
    "CVE-2017-18360",
    "CVE-2018-10878",
    "CVE-2018-10881",
    "CVE-2018-18281",
    "CVE-2018-20169"
  );

  script_name(english:"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1108)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - A flaw was discovered in the Linux kernel's USB
    subsystem in the __usb_get_extra_descriptor() function
    in the drivers/usb/core/usb.c which mishandles a size
    check during the reading of an extra descriptor data.
    By using a specially crafted USB device which sends a
    forged extra descriptor, an unprivileged user with
    physical access to the system can potentially cause a
    privilege escalation or trigger a system crash or lock
    up and thus to cause a denial of service
    (DoS).(CVE-2018-20169)

  - Since Linux kernel version 3.2, the mremap() syscall
    performs TLB flushes after dropping pagetable locks. If
    a syscall such as ftruncate() removes entries from the
    pagetables of a task that is in the middle of mremap(),
    a stale TLB entry can remain for a short time that
    permits access to a physical page after it has been
    released back to the page allocator and
    reused.(CVE-2018-18281)

  - A division-by-zero in set_termios(), when debugging is
    enabled, was found in the Linux kernel. When the
    [io_ti] driver is loaded, a local unprivileged attacker
    can request incorrect high transfer speed in the
    change_port_settings() in the
    drivers/usb/serial/io_ti.c so that the divisor value
    becomes zero and causes a system crash resulting in a
    denial of service. (CVE-2017-18360)

  - A flaw was found in the Linux kernel's ext4 filesystem.
    A local user can cause an out-of-bound access in
    ext4_get_group_info function, a denial of service, and
    a system crash by mounting and operating on a crafted
    ext4 filesystem image.(CVE-2018-10881)

  - A flaw was found in the Linux kernel's ext4 filesystem.
    A local user can cause an out-of-bounds write and a
    denial of service or unspecified other impact is
    possible by mounting and operating a crafted ext4
    filesystem image.(CVE-2018-10878)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1108
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7f33765a");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20169");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-18281");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["kernel-3.10.0-514.44.5.10.h165",
        "kernel-debuginfo-3.10.0-514.44.5.10.h165",
        "kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h165",
        "kernel-devel-3.10.0-514.44.5.10.h165",
        "kernel-headers-3.10.0-514.44.5.10.h165",
        "kernel-tools-3.10.0-514.44.5.10.h165",
        "kernel-tools-libs-3.10.0-514.44.5.10.h165",
        "perf-3.10.0-514.44.5.10.h165",
        "python-perf-3.10.0-514.44.5.10.h165"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
huaweieuleroskernelp-cpe:/a:huawei:euleros:kernel
huaweieuleroskernel-debuginfop-cpe:/a:huawei:euleros:kernel-debuginfo
huaweieuleroskernel-debuginfo-common-x86_64p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64
huaweieuleroskernel-develp-cpe:/a:huawei:euleros:kernel-devel
huaweieuleroskernel-headersp-cpe:/a:huawei:euleros:kernel-headers
huaweieuleroskernel-toolsp-cpe:/a:huawei:euleros:kernel-tools
huaweieuleroskernel-tools-libsp-cpe:/a:huawei:euleros:kernel-tools-libs
huaweieulerosperfp-cpe:/a:huawei:euleros:perf
huaweieulerospython-perfp-cpe:/a:huawei:euleros:python-perf
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

openvas 45
nessus 67
veracode 5
debiancve 5
cve 5
prion 5
ubuntucve 6
redhatcve 4
cbl_mariner 2
photon 2
suse 4
f5 1
packetstorm 1
redhat 9
amazon 2
fedora 2
oraclelinux 9
ubuntu 15
ibm 2
cloudfoundry 3
googleprojectzero 1
altlinux 1
mageia 2
centos 1
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1108)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1253)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1244)
2020-01-23 00:00:00
nessus
nessus
EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1253)
2019-04-04 00:00:00
EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1244)
2019-04-04 00:00:00
RHEL 7 : kernel (RHSA-2020:2770)
2020-06-30 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 03:18:33
Memory Corruption
2019-05-16 03:18:34
Denial Of Service (DoS)
2019-08-08 00:07:17
debiancve
debiancve
CVE-2017-18360
2019-01-31 09:29:00
CVE-2018-20169
2018-12-17 07:29:00
CVE-2018-10881
2018-07-26 18:29:00
cve
cve
CVE-2017-18360
2019-01-31 09:29:00
CVE-2018-10881
2018-07-26 18:29:00
CVE-2018-20169
2018-12-17 07:29:00
prion
prion
Design/Logic Flaw
2019-01-31 09:29:00
Design/Logic Flaw
2018-07-26 18:29:00
Code injection
2018-12-17 07:29:00
ubuntucve
ubuntucve
CVE-2017-18360
2019-01-31 00:00:00
CVE-2018-10881
2018-07-26 00:00:00
CVE-2018-20169
2018-12-17 00:00:00
redhatcve
redhatcve
CVE-2018-10881
2019-10-21 06:03:17
CVE-2018-20169
2020-04-03 02:00:45
CVE-2018-18281
2020-04-08 05:14:54
cbl_mariner
cbl_mariner
CVE-2018-20169 affecting package kernel 6.6.14.1-2
2024-04-02 21:08:16
CVE-2018-20169 affecting package kernel 5.15.148.2-2
2024-02-25 03:00:06
photon
photon
Important Photon OS Security Update - PHSA-2018-0165
2018-07-16 00:00:00
Important Photon OS Security Update - PHSA-2018-0076
2018-07-27 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2018-12-15 00:15:13
Security update for the Linux Kernel (important)
2018-08-17 12:32:52
Security update for the Linux Kernel (important)
2018-08-17 12:20:07
f5
f5
K36462841 : Linux kernel vulnerability CVE-2018-18281
2022-07-08 00:00:00
packetstorm
packetstorm
Linux mremap() TLB Flush Too Late
2018-10-29 00:00:00
redhat
redhat
(RHSA-2020:2777) Moderate: kernel-rt security and bug fix update
2020-07-01 08:17:17
(RHSA-2020:2770) Moderate: kernel security and bug fix update
2020-06-30 11:41:33
(RHSA-2020:0179) Moderate: kernel security and bug fix update
2020-01-21 15:14:53
amazon
amazon
Medium: kernel
2019-01-09 22:47:00
Medium: kernel
2019-01-07 22:25:00
fedora
fedora
[SECURITY] Fedora 28 Update: kernel-headers-4.19.10-200.fc28
2018-12-21 05:54:56
[SECURITY] Fedora 28 Update: kernel-tools-4.19.10-200.fc28
2018-12-21 05:54:56
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2019-05-15 00:00:00
Unbreakable Enterprise kernel security update
2019-03-31 00:00:00
Unbreakable Enterprise kernel security update
2019-07-29 00:00:00
ubuntu
ubuntu
Linux kernel (Xenial HWE) vulnerabilities
2018-08-24 00:00:00
Linux kernel vulnerabilities
2018-08-24 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2019-02-04 00:00:00
ibm
ibm
Security Bulletin: IBM MQ Appliance is affected by multiple kernel vulnerabilities
2022-07-12 23:39:03
Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities
2019-06-27 08:40:01
cloudfoundry
cloudfoundry
USN-3753-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
USN-3879-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2019-02-15 00:00:00
USN-3871-4: Linux kernel (HWE) vulnerabilities | Cloud Foundry
2019-02-15 00:00:00
googleprojectzero
googleprojectzero
Taking a page from the kernel's book: A TLB issue in mremap()
2019-01-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package kernel-image-std-pae version 1:4.4.140-alt0.M80P.1
2018-07-16 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2018-10-27 12:45:46
Updated kernel-tmb packages fix security vulnerabilities
2018-10-27 12:45:46
centos
centos
bpftool, kernel, perf, python security update
2018-11-15 18:40:28
JSON
Related for EULEROS_SA-2019-1108.NASL
openvas45nessus67veracode5debiancve5cve5prion5ubuntucve6redhatcve4cbl_mariner2photon2suse4f51packetstorm1redhat9amazon2fedora2oraclelinux9ubuntu15ibm2cloudfoundry3googleprojectzero1altlinux1mageia2centos1